
Windows Analysis Report
gTU8ed4669.exe

Overview

General Information

Sample name:gTU8ed4669.exe
renamed because original name is a hash value
Original sample name:2177e5dd54a3815b8535b4e6902c1777.exe
Analysis ID:1578932
MD5:2177e5dd54a3815b8535b4e6902c1777
SHA1:1cc1940a436cfa997f221ac2b16dfe57d7d0da11
SHA256:47ea422d6bd14500cf0851c83895445560363a19beddd3a8e9500922f217240a
Tags: exe, user-abuse_ch

Detection

Credential Flusher
Score:80
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Yara detected Credential Flusher
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Connects to many different domains
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes
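The "compiled AutoIt script" signature above can be confirmed statically before any dynamic run, which matters here because the sample's other behaviour (sandbox detection, sleeps) can cut the dynamic trace short. The following Python is an added example, not Joe Sandbox's own detection logic: it scans a file for the 16-byte AutoIt3 script marker followed by the `AU3!` tag (`AU3!EA06` in current builds), a constant widely used in YARA rules for compiled AutoIt binaries. The test blobs are constructed; run `is_compiled_autoit(path)` against the real sample if you have it.

```python
"""Static triage check behind 'Binary is likely a compiled AutoIt script file'.
Added example, not Joe Sandbox's own logic.  Compiled AutoIt3 scripts carry a
16-byte marker immediately followed by an 'AU3!...' tag (AU3!EA06 in current
builds) in front of the embedded script blob; this scans for that pair."""
from pathlib import Path

AUTOIT_MAGIC = bytes.fromhex("A3484BBE986C4AA9994C530A86D6487D")
AUTOIT_TAG_PREFIX = b"AU3!"


def find_autoit_markers(data: bytes):
    """Return [(offset, tag)] for every AutoIt script marker in the buffer.
    Requiring magic AND tag avoids false hits on the 16-byte constant alone."""
    hits, start = [], 0
    while (i := data.find(AUTOIT_MAGIC, start)) != -1:
        tag = data[i + 16:i + 24]
        if tag.startswith(AUTOIT_TAG_PREFIX):
            hits.append((i, tag.decode("ascii", "replace")))
        start = i + 1
    return hits


def is_compiled_autoit(sample) -> bool:
    """Accepts raw bytes or a file path.  A hit is a strong triage signal, not
    a verdict: legitimate AutoIt tools carry the same marker, and a packed or
    encrypted sample hides it until unpacked."""
    data = sample if isinstance(sample, bytes) else Path(sample).read_bytes()
    return bool(find_autoit_markers(data))


# Constructed test blobs (not real PE files): an 'MZ' header plus padding,
# with the marker appended where the script resource would sit, and without it.
SAMPLE_AUTOIT = b"MZ" + b"\x00" * 500 + AUTOIT_MAGIC + b"AU3!EA06" + b"\x10\x00\x00\x00"
SAMPLE_PLAIN = b"MZ" + b"\x00" * 500 + b"AU3!EA06"  # tag without the 16-byte magic

if __name__ == "__main__":
    for name, blob in [("autoit", SAMPLE_AUTOIT), ("plain", SAMPLE_PLAIN)]:
        print(name, find_autoit_markers(blob))
```

A positive hit tells you the next step is to extract and decompile the embedded script rather than reverse the AutoIt interpreter stub; a miss on a sample the sandbox still flags as AutoIt usually means a packer layer sits in front of it.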

Classification

  • System is w10x64
  • gTU8ed4669.exe (PID: 5804 cmdline: "C:\Users\user\Desktop\gTU8ed4669.exe" MD5: 2177E5DD54A3815B8535B4E6902C1777)
    • taskkill.exe (PID: 4140 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 4612 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 2828 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 6592 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 6556 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 4564 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 3752 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 2764 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 1436 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 6620 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • firefox.exe (PID: 2228 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • firefox.exe (PID: 7160 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 5652 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 4760 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2184 -parentBuildID 20230927232528 -prefsHandle 2104 -prefMapHandle 2100 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {788ec753-8911-4214-b663-accd94cf9494} 5652 "\\.\pipe\gecko-crash-server-pipe.5652" 2201b26f710 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 904 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3092 -parentBuildID 20230927232528 -prefsHandle 3988 -prefMapHandle 3908 -prefsLen 26338 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1c3967e-c418-4a34-8ffb-95b5c942fc48} 5652 "\\.\pipe\gecko-crash-server-pipe.5652" 2202d851e10 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7700 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5040 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5028 -prefMapHandle 5024 -prefsLen 33119 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d8122f20-b90c-4c06-8f30-9d4c81547b9e} 5652 "\\.\pipe\gecko-crash-server-pipe.5652" 22033673310 utility MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
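The process tree above is the entire credential-flusher technique: the sample force-kills five browsers with `taskkill /F /IM <browser> /T`, then launches Firefox in `--kiosk` mode on a youtube.com/account URL carrying the Google sign-in challenge path, so the victim sees a full-screen password prompt and re-types credentials that the keystroke-polling and clipboard signatures listed above suggest the sample harvests. The HTTPS and DNS activity further down (detectportal.firefox.com, *.mozgcp.net, contile.services.mozilla.com, spocs.getpocket.com) is ordinary Firefox startup traffic from that spawned browser rather than command-and-control from the sample, so a detection should key on process behaviour, not on those network indicators. The following Python is an added example, not Joe Sandbox's own logic. Its input is a constructed Sysmon-style (Event ID 1) subset modelled on the tree; the parent PID given for the re-launched Firefox (PID 7160, shown at the tree root in the report) is an assumption, and the benign events are invented for contrast.

```python
"""Process-tree detection for the credential-flusher pattern in the report:
a parent that force-kills several browsers with taskkill and then launches a
browser in kiosk mode on a sign-in URL.  Added example, not Joe Sandbox code.
Input events are a constructed Sysmon-style (Event ID 1) subset."""
import re
from collections import defaultdict

BROWSERS = {"firefox.exe", "chrome.exe", "msedge.exe", "opera.exe", "brave.exe"}
MIN_BROWSERS_KILLED = 2  # the sample kills five; two already looks deliberate

TASKKILL_IM = re.compile(r"/IM\s+([\w.\-]+)", re.I)
KIOSK_FLAG = re.compile(r"(?:^|\s)--?kiosk(?:\s|$)", re.I)
# Sign-in page the kiosk window is steered to; extend for other identity providers.
SIGNIN_URL = re.compile(r"accounts\.google\.com/[^\s\"']*(?:signin|challenge)", re.I)


def basename(image):
    return image.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_taskkill(cmdline):
    """Return (target_image, forced, kill_tree) for a taskkill command line, else None."""
    m = TASKKILL_IM.search(cmdline)
    if not m:
        return None
    tokens = cmdline.upper().split()
    return m.group(1).lower(), "/F" in tokens, "/T" in tokens


def detect_credential_flusher(events):
    """Return one finding per parent PID that both killed >= MIN_BROWSERS_KILLED
    browsers and (directly or via browser self-relaunch) opened a kiosk sign-in window."""
    by_pid = {e["pid"]: e for e in events}
    killed = defaultdict(dict)  # ppid -> {browser: (forced, kill_tree)}
    kiosk = defaultdict(list)   # ppid -> [kiosk command lines]
    for e in events:
        img = basename(e["image"])
        if img == "taskkill.exe":
            parsed = parse_taskkill(e["cmdline"])
            if parsed and parsed[0] in BROWSERS:
                killed[e["ppid"]][parsed[0]] = parsed[1:]
        elif img in BROWSERS and KIOSK_FLAG.search(e["cmdline"]) and SIGNIN_URL.search(e["cmdline"]):
            # Firefox re-spawns itself (--attempting-deelevation, content processes),
            # so walk up past browser ancestors to the process that started the chain.
            ppid = e["ppid"]
            while ppid in by_pid and basename(by_pid[ppid]["image"]) in BROWSERS:
                ppid = by_pid[ppid]["ppid"]
            kiosk[ppid].append(e["cmdline"])
    findings = []
    for ppid, browsers in killed.items():
        if len(browsers) >= MIN_BROWSERS_KILLED and kiosk.get(ppid):
            findings.append({
                "parent_pid": ppid,
                "parent_image": by_pid.get(ppid, {}).get("image", "<exited/unknown>"),
                "killed_browsers": sorted(browsers),
                "kiosk_launches": kiosk[ppid],
            })
    return findings


FF = r"C:\Program Files\Mozilla Firefox\firefox.exe"
KIOSK_URL = "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd"
# Constructed from the process tree in the report; conhost children omitted.
# PID 7160 sits at the tree root in the report, so its ppid here (2228) is an assumption.
SAMPLE_EVENTS = [
    {"pid": 5804, "ppid": 1234, "image": r"C:\Users\user\Desktop\gTU8ed4669.exe",
     "cmdline": r'"C:\Users\user\Desktop\gTU8ed4669.exe"'},
    *[{"pid": pid, "ppid": 5804, "image": r"C:\Windows\System32\taskkill.exe",
       "cmdline": f"taskkill /F /IM {b} /T"}
      for pid, b in [(4140, "firefox.exe"), (2828, "chrome.exe"), (6556, "msedge.exe"),
                     (3752, "opera.exe"), (1436, "brave.exe")]],
    {"pid": 2228, "ppid": 5804, "image": FF,
     "cmdline": f'"{FF}" --kiosk "{KIOSK_URL}" --no-default-browser-check --disable-popup-blocking'},
    {"pid": 7160, "ppid": 2228, "image": FF,
     "cmdline": f'"{FF}" --kiosk {KIOSK_URL} --no-default-browser-check --disable-popup-blocking --attempting-deelevation'},
    {"pid": 5652, "ppid": 7160, "image": FF,
     "cmdline": f'"{FF}" --kiosk {KIOSK_URL} --no-default-browser-check --disable-popup-blocking'},
]
# Constructed benign activity: a user killing Notepad and opening a normal browser window.
BENIGN_EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 101, "ppid": 100, "image": r"C:\Windows\System32\taskkill.exe", "cmdline": "taskkill /IM notepad.exe"},
    {"pid": 102, "ppid": 100, "image": FF, "cmdline": f'"{FF}" https://accounts.google.com/signin'},
]

if __name__ == "__main__":
    for f in detect_credential_flusher(SAMPLE_EVENTS):
        print(f"credential flusher: {f['parent_image']} (PID {f['parent_pid']}) killed "
              f"{f['killed_browsers']} then opened {len(f['kiosk_launches'])} kiosk sign-in window(s)")
```

The two halves are deliberately correlated on the same parent PID: a lone `taskkill /IM chrome.exe` is routine admin or installer behaviour, and a kiosk-mode browser on its own is common on shared terminals, but one process doing both in sequence has no benign explanation. When porting this to a SIEM, keep the ancestor walk, because the kiosk window is often a grandchild of the sample after the browser's own re-launch.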
No configs have been found
Source | Rule | Description | Author | Strings
Process Memory Space: gTU8ed4669.exe PID: 5804 | JoeSecurity_CredentialFlusher | Yara detected Credential Flusher | Joe Security |
    No Sigma rule has matched
    No Suricata rule has matched


    AV Detection

    Source: gTU8ed4669.exe | Avira: detected
    Source: gTU8ed4669.exe | ReversingLabs: Detection: 28%
    Source: Submitted Sample | Integrated Neural Analysis Model: Matched 99.7% probability
    Source: gTU8ed4669.exe | Joe Sandbox ML: detected
    Source: gTU8ed4669.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49715 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.5:49723 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49731 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49737 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49736 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49744 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49750 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:49786 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49785 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 151.101.1.91:443 -> 192.168.2.5:49788 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49795 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49797 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49796 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:49804 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49864 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49865 version: TLS 1.2
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV | source: gmpopenh264.dll.tmp.14.dr
    Source: Binary string: wshbth.pdbGCTL | source: firefox.exe, 0000000E.00000003.2203888992.000002202B4A9000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: NapiNSP.pdbUGP | source: firefox.exe, 0000000E.00000003.2202103858.000002202B49F000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: wshbth.pdb | source: firefox.exe, 0000000E.00000003.2203888992.000002202B4A9000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: NapiNSP.pdb | source: firefox.exe, 0000000E.00000003.2202103858.000002202B49F000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: netprofm.pdb | source: firefox.exe, 0000000E.00000003.2200244130.000002202B4A9000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb | source: gmpopenh264.dll.tmp.14.dr
    Source: Binary string: netprofm.pdbUGP | source: firefox.exe, 0000000E.00000003.2200244130.000002202B4A9000.00000004.00000020.00020000.00000000.sdmp
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_006CDBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_006CDBBE
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_0069C2A2 FindFirstFileExW,0_2_0069C2A2
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_006D68EE FindFirstFileW,FindClose,0_2_006D68EE
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_006D698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_006D698F
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_006CD076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_006CD076
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_006CD3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_006CD3A9
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_006D9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_006D9642
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_006D979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_006D979D
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_006D9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_006D9B2B
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_006D5C97 FindFirstFileW,FindNextFileW,FindClose,0_2_006D5C97
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 4x nop then dec ecx | 14_3_000002DAEC21B636
    Source: firefox.exe | Memory has grown: Private usage: 1MB later: 223MB
    Source: unknown | Network traffic detected: DNS query count 31
    Source: Joe Sandbox View | IP Address: 151.101.1.91
    Source: Joe Sandbox View | IP Address: 34.149.100.209
    Source: Joe Sandbox View | IP Address: 34.117.188.166
    Source: Joe Sandbox View | JA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
    Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (50 identical entries)
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_006DCE44 InternetReadFile,SetEvent,GetLastError,SetEvent,0_2_006DCE44
    Source: global traffic | HTTP traffic detected (17 identical requests): GET /canonical.html HTTP/1.1
        Host: detectportal.firefox.com
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
        Accept: */*
        Accept-Language: en-US,en;q=0.5
        Accept-Encoding: gzip, deflate
        Cache-Control: no-cache
        Pragma: no-cache
        Connection: keep-alive
    Source: global traffic | HTTP traffic detected (17 identical requests): GET /success.txt?ipv4 HTTP/1.1
        Host: detectportal.firefox.com
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
        Accept: */*
        Accept-Language: en-US,en;q=0.5
        Accept-Encoding: gzip, deflate
        Connection: keep-alive
        Pragma: no-cache
        Cache-Control: no-cache
    Source: firefox.exe, 0000000E.00000003.2134499461.000002202C6BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2153525536.000002202C611000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2151742690.000002202C611000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: *://www.facebook.com/* equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2258304847.000002202C982000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2249775668.000002202C982000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: *://www.youtube.com/* equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2122067125.000002203322E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2261060224.0000022034961000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2272873616.0000022033244000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2109795667.000002202C786000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2122067125.000002203322E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2261060224.0000022034961000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2288598323.000002202C2E7000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2240544463.0000022033578000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: `https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2240544463.0000022033578000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: `https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2122067125.000002203322E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2261060224.0000022034961000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2272873616.0000022033244000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2109795667.000002202C786000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2122067125.000002203322E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2261060224.0000022034961000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2282188023.000002202D7E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3294077577.00000249D2803000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3296341332.0000015AEAC0C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2282188023.000002202D7E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3294077577.00000249D2803000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3296341332.0000015AEAC0C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
    Source: firefox.exe, 0000000E.00000003.2282188023.000002202D7E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3294077577.00000249D2803000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3296341332.0000015AEAC0C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2258304847.000002202C982000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2240089689.00000220335EE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2249775668.000002202C982000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: moz-extension://bfdd6cf3-6cd6-4fa2-bc72-2c3d2e7d20f8/injections/js/bug1842437-www.youtube.com-performance-now-precision.js equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2288598323.000002202C2E7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2288984203.000002202C071000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2288984203.000002202C071000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: www.youtube.com- equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2288598323.000002202C2E7000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: x*://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2125939035.000002202C9E0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2131111540.000002202C663000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2131111540.000002202C66F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1207993
    Source: firefox.exe, 0000000E.00000003.2125939035.000002202C9E0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2131111540.000002202C66F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1266220
    Source: firefox.exe, 0000000E.00000003.2129466698.000002202C594000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2131111540.000002202C66F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1283601
    Source: firefox.exe, 0000000E.00000003.2129466698.000002202C594000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2125939035.000002202C9E0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2131111540.000002202C66F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1678448
    Source: firefox.exe, 0000000E.00000003.2263083302.000002202C87D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1694699#c21
    Source: firefox.exe, 0000000E.00000003.2125939035.000002202C9E0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2129466698.000002202C591000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2131111540.000002202C66F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=792480
    Source: firefox.exe, 0000000E.00000003.2125939035.000002202C9E0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2131111540.000002202C663000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2127296894.00000220330E6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2131111540.000002202C66F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=809550
    Source: firefox.exe, 0000000E.00000003.2125939035.000002202C9E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=815437
    Source: firefox.exe, 0000000E.00000003.2131111540.000002202C663000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2131111540.000002202C66F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=840161
    Source: firefox.exe, 00000010.00000002.3295483906.0000025621C80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3298093281.00000249D2930000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3296000356.0000015AEAB70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
    Source: firefox.exe, 0000000E.00000003.2079809957.000002202B838000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2079968158.000002202B853000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2079526060.000002202B600000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2080106662.000002202B86F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2080235908.000002202B88A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2079661456.000002202B81D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://completion.amazon.com/search/complete?q=
    Source: firefox.exe, 0000000E.00000003.2288598323.000002202C2E7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-signature-2.cdn.mozilla.net/
    Source: firefox.exe, 0000000E.00000003.2298038039.000002202CB94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-202
    Source: firefox.exe, 00000010.00000002.3295483906.0000025621C80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3298093281.00000249D2930000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3296000356.0000015AEAB70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://content.cdn.mozilla.net
    Source: firefox.exe, 00000010.00000002.3296124343.0000025621EBA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3294077577.00000249D28E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3300089921.0000015AEAE03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
    Source: firefox.exe, 00000010.00000002.3296124343.0000025621EBA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3294077577.00000249D28E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3300089921.0000015AEAE03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drString found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
    Source: firefox.exe, 0000000E.00000003.2278283960.000002203320B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com
    Source: firefox.exe, 0000000E.00000003.2278283960.000002203320B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/
    Source: firefox.exe, 0000000E.00000003.2278283960.000002203320B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2240544463.000002203355F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3295483906.0000025621C80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3298093281.00000249D2930000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3296000356.0000015AEAB70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/v1/tiles
    Source: firefox.exe, 00000010.00000002.3295483906.0000025621C80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3298093281.00000249D2930000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3296000356.0000015AEAB70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://coverage.mozilla.org
    Source: firefox.exe, 00000010.00000002.3295483906.0000025621C80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3298093281.00000249D2930000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3296000356.0000015AEAB70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://crash-stats.mozilla.org/report/index/
    Source: firefox.exe, 0000000E.00000003.2228986161.0000022033034000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2096359911.000002203303C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/993268
    Source: firefox.exe, 00000010.00000002.3295483906.0000025621C80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3298093281.00000249D2930000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3296000356.0000015AEAB70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://dap-02.api.divviup.org
    Source: firefox.exe, 0000000E.00000003.2134499461.000002202C6BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2288984203.000002202C0AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2153525536.000002202C611000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2299181035.000002202C0B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2151742690.000002202C611000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2145618024.000002202C611000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2117389844.000002202C988000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://datastudio.google.com/embed/reporting/
    Source: firefox.exe, 0000000E.00000003.2118429274.000002202BFDF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIEffectiveTLDServi
    Source: firefox.exe, 0000000E.00000003.2228986161.0000022033034000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/ElementCSSInlineStyle/style#setting_styles)
    Source: firefox.exe, 0000000E.00000003.2228986161.0000022033034000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/for-await...of
    Source: firefox.exe, 0000000E.00000003.2228986161.0000022033034000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2096359911.000002203303C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_custom_elements#using_the_lifecycl
    Source: firefox.exe, 00000010.00000002.3295483906.0000025621C80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3298093281.00000249D2930000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3296000356.0000015AEAB70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
    Source: firefox.exe, 0000000E.00000003.2119826704.0000022033675000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2079661456.000002202B81D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/
    Source: firefox.exe, 0000000E.00000003.2239491761.00000220349A7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2108035549.000002202C167000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/?t=ffab&q=
    Source: firefox.exe, 0000000E.00000003.2108035549.000002202C167000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/y
    Source: firefox.exe, 00000012.00000002.3296341332.0000015AEAC13000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
    Source: firefox.exe, 0000000E.00000003.2116965950.00000220330E6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/706c7a85-cf23-442e-8a9
    Source: firefox.exe, 00000010.00000002.3295483906.0000025621C80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3298093281.00000249D2930000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3296000356.0000015AEAB70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#
    Source: firefox.exe, 0000000E.00000003.2262576400.000002202EF2E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2283950367.0000022037182000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com
    Source: firefox.exe, 0000000E.00000003.2284077928.000002203713B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/
    Source: firefox.exe, 0000000E.00000003.2267738363.00000220370B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/
    Source: firefox.exe, 00000010.00000002.3295483906.0000025621C80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3298093281.00000249D2930000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3296000356.0000015AEAB70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://fpn.firefox.com/browser?utm_source=firefox-desktop&utm_medium=referral&utm_campaign=about-pr
    Source: firefox.exe, 00000010.00000002.3295483906.0000025621C80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3298093281.00000249D2930000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3296000356.0000015AEAB70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://ftp.mozilla.org/pub/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi
    Source: firefox.exe, 00000012.00000002.3296341332.0000015AEAC13000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/
    Source: firefox.exe, 00000012.00000002.3296341332.0000015AEACC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
    Source: firefox.exe, 00000012.00000002.3296341332.0000015AEACC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
    Source: firefox.exe, 00000011.00000002.3294077577.00000249D282F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3296341332.0000015AEAC30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
    Source: firefox.exe, 0000000E.00000003.2300407250.0000022036AAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2270632414.0000022036AAA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtab
    Source: firefox.exe, 0000000E.00000003.2240922053.0000022032F94000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2305166568.0000022032FC5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2261897669.0000022032F94000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2122178575.0000022032F90000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtabL
    Source: firefox.exe, 0000000E.00000003.2300407250.0000022036AAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2270632414.0000022036AAA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtab
    Source: firefox.exe, 0000000E.00000003.2240922053.0000022032F94000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2305166568.0000022032FC5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2261897669.0000022032F94000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2122178575.0000022032F90000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtabC
    Source: firefox.exe, 0000000E.00000003.2240922053.0000022032F94000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2305166568.0000022032FC5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2261897669.0000022032F94000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2122178575.0000022032F90000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/food?utm_source=pocket-newtabA
    Source: firefox.exe, 0000000E.00000003.2300407250.0000022036AAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2270632414.0000022036AAA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtab
    Source: firefox.exe, 0000000E.00000003.2240922053.0000022032F94000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2305166568.0000022032FC5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2261897669.0000022032F94000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2122178575.0000022032F90000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtabE
    Source: firefox.exe, 0000000E.00000003.2300407250.0000022036AAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2270632414.0000022036AAA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtab
    Source: firefox.exe, 0000000E.00000003.2240922053.0000022032F94000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2305166568.0000022032FC5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2261897669.0000022032F94000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2122178575.0000022032F90000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtabG
    Source: firefox.exe, 0000000E.00000003.2240922053.0000022032F94000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2305166568.0000022032FC5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2261897669.0000022032F94000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2122178575.0000022032F90000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab?
    Source: firefox.exe, 0000000E.00000003.2300407250.0000022036AAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2270632414.0000022036AAA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtab
    Source: firefox.exe, 0000000E.00000003.2240922053.0000022032F94000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2305166568.0000022032FC5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2261897669.0000022032F94000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2122178575.0000022032F90000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtabN
    Source: firefox.exe, 00000012.00000002.3296341332.0000015AEACC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
    Source: firefox.exe, 0000000E.00000003.2300407250.0000022036AAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2270632414.0000022036AAA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtab
    Source: firefox.exe, 0000000E.00000003.2240922053.0000022032F94000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2305166568.0000022032FC5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2261897669.0000022032F94000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2122178575.0000022032F90000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtabI
    Source: firefox.exe, 0000000E.00000003.2122178575.0000022032F6D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more
    Source: firefox.exe, 0000000E.00000003.2240922053.0000022032F94000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2305166568.0000022032FC5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2261897669.0000022032F94000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2122178575.0000022032F90000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more/
    Source: firefox.exe, 00000012.00000002.3296341332.0000015AEACC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendations
    Source: firefox.exe, 0000000E.00000003.2228986161.0000022033034000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2096359911.000002203303C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/closure-compiler/issues/3177
    Source: firefox.exe, 0000000E.00000003.2228986161.0000022033025000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query-all.ts
    Source: firefox.exe, 0000000E.00000003.2228986161.0000022033025000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query.ts
    Source: firefox.exe, 0000000E.00000003.2228986161.0000022033034000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/lit/lit/issues/1266
    Source: firefox.exe, 0000000E.00000003.2228986161.0000022033034000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/microsoft/TypeScript/issues/338).
    Source: firefox.exe, 0000000E.00000003.2079809957.000002202B838000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2079968158.000002202B853000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2079526060.000002202B600000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2080106662.000002202B86F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2079661456.000002202B81D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mozilla-services/screenshots
    Source: firefox.exe, 0000000E.00000003.2293205060.0000022037192000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2283368934.0000022037192000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/uuidjs/uuid#getrandomvalues-not-supported
    Source: firefox.exe, 00000010.00000002.3295483906.0000025621C80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3298093281.00000249D2930000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3296000356.0000015AEAB70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://helper1.dap.cloudflareresearch.com/v02
    Source: firefox.exe, 0000000E.00000003.2134499461.000002202C6BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2127719100.000002202C913000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2153525536.000002202C611000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2151742690.000002202C611000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2145618024.000002202C611000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2288984203.000002202C0C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2299181035.000002202C0CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ib.absa.co.za/
    Source: firefox.exe, 00000010.00000002.3295483906.0000025621C80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3298093281.00000249D2930000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3296000356.0000015AEAB70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://ideas.mozilla.org/
    Source: firefox.exe, 0000000E.00000003.2290782937.000002202CC9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2282874537.000002202CC9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/apps/relay
    Source: firefox.exe, 0000000E.00000003.2240922053.0000022032F94000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2305256081.0000022032F94000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2261897669.0000022032F94000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2122178575.0000022032F90000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://img-getpocket.cdn.mozilla.net/X
    Source: prefs-1.js.14.drString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
    Source: firefox.exe, 0000000E.00000003.2249399694.000002202DCE3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2288848334.000002202C2A3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3295483906.0000025621C80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3298093281.00000249D2930000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3296000356.0000015AEAB70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org
    Source: firefox.exe, 0000000E.00000003.2279118945.000002202EA8B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3294077577.00000249D28BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3296341332.0000015AEACF6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit
    Source: firefox.exe, 0000000E.00000003.2260121529.00000220373ED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2237609236.00000220373FA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/baseline/1/66799a57-f7ac-4ee5-a4a6-124
    Source: firefox.exe, 00000012.00000002.3296000356.0000015AEAB70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
    Source: firefox.exe, 00000010.00000002.3295483906.0000025621C80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3298093281.00000249D2930000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3296000356.0000015AEAB70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://webcompat.com/issues/new
    Source: firefox.exe, 00000010.00000002.3295483906.0000025621C80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3298093281.00000249D2930000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3296000356.0000015AEAB70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://webextensions.settings.services.mozilla.com/v1
    Source: firefox.exe, 0000000E.00000003.2122598228.000002202DBE6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2106199226.000002202DBE6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2280446365.000002202DBE6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://weibo.com/
    Source: firefox.exe, 0000000E.00000003.2228986161.0000022033034000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2096359911.000002203303C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://wicg.github.io/construct-stylesheets/#using-constructed-stylesheets).
    Source: firefox.exe, 0000000E.00000003.2108035549.000002202C167000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.aliexpress.com/
    Source: firefox.exe, 0000000E.00000003.2122598228.000002202DBE6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2106199226.000002202DBE6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2108035549.000002202C167000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2280446365.000002202DBE6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.co.uk/
    Source: firefox.exe, 0000000E.00000003.2239491761.0000022034961000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/
    Source: firefox.exe, 00000010.00000002.3296124343.0000025621EBA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3294077577.00000249D28E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3300089921.0000015AEAE03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
    Source: firefox.exe, 0000000E.00000003.2106199226.000002202DBE6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2079526060.000002202B600000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2080106662.000002202B86F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2080235908.000002202B88A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2108035549.000002202C167000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2079661456.000002202B81D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
    Source: firefox.exe, 0000000E.00000003.2106199226.000002202DBBE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2247376517.00000220332D3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2122598228.000002202DBBE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/exec/obidos/external-search/?field-keywords=&ie=UTF-8&mode=blended&tag=mozill
    Source: firefox.exe, 0000000E.00000003.2122598228.000002202DBE6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2106199226.000002202DBE6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2280446365.000002202DBE6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.avito.ru/
    Source: firefox.exe, 0000000E.00000003.2240544463.0000022033578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.baidu.com/
    Source: firefox.exe, 0000000E.00000003.2122598228.000002202DBE6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2106199226.000002202DBE6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2280446365.000002202DBE6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.bbc.co.uk/
    Source: firefox.exe, 00000010.00000002.3296124343.0000025621EBA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3294077577.00000249D28E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3300089921.0000015AEAE03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drString found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
    Source: firefox.exe, 0000000E.00000003.2240544463.0000022033578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ctrip.com/
    Source: firefox.exe, 0000000E.00000003.2172164086.000002202B49B000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.drString found in binary or memory: https://www.digicert.com/CPS0
    Source: firefox.exe, 0000000E.00000003.2240544463.0000022033578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ebay.co.uk/
    Source: firefox.exe, 0000000E.00000003.2247947129.000002203323B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
    Source: firefox.exe, 0000000E.00000003.2119826704.0000022033675000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2108035549.000002202C167000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search
    Source: firefox.exe, 0000000E.00000003.2240089689.00000220335EE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2079968158.000002202B853000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2079526060.000002202B600000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2080106662.000002202B86F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2080235908.000002202B88A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2079661456.000002202B81D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
    Source: firefox.exe, 0000000E.00000003.2119826704.0000022033675000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2108035549.000002202C167000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2079661456.000002202B81D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
    Source: firefox.exe, 0000000E.00000003.2119826704.0000022033675000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2108035549.000002202C167000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2142802058.000002202CAFD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?client=firefox-b-d&q=
    Source: firefox.exe, 00000010.00000002.3295483906.0000025621C80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3298093281.00000249D2930000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3296000356.0000015AEAB70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_LOCATION_SERVICE_API_KEY%
    Source: firefox.exe, 0000000E.00000003.2122598228.000002202DBE6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2106199226.000002202DBE6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2280446365.000002202DBE6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ifeng.com/
    Source: firefox.exe, 0000000E.00000003.2122598228.000002202DBE6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2106199226.000002202DBE6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2280446365.000002202DBE6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.iqiyi.com/
    Source: firefox.exe, 0000000E.00000003.2122598228.000002202DBE6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2106199226.000002202DBE6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2108035549.000002202C167000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2280446365.000002202DBE6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.leboncoin.fr/
    Source: firefox.exe, 0000000E.00000003.2287278660.000002202C72E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mobilesuica.com/
    Source: firefox.exe, 0000000E.00000003.2290052869.00000220349C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2261060224.00000220349BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2276140428.00000220349BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2239491761.00000220349BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2290052869.00000220349BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2118877353.00000220349C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2302235721.000002203490B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2272378276.00000220349BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org
    Source: firefox.exe, 00000010.00000002.3295483906.0000025621C80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3298093281.00000249D2930000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3296000356.0000015AEAB70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/about/legal/terms/subscription-services/
    Source: firefox.exe, 00000012.00000002.3296000356.0000015AEAB70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medi
    Source: firefox.exe, 00000010.00000002.3295483906.0000025621C80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3298093281.00000249D2930000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3296000356.0000015AEAB70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/tour/
    Source: firefox.exe, 00000010.00000002.3295483906.0000025621C80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3298093281.00000249D2930000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3296000356.0000015AEAB70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/geolocation/
    Source: firefox.exe, 00000010.00000002.3295483906.0000025621C80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3298093281.00000249D2930000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3296000356.0000015AEAB70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/new?reason=manual-update
    Source: firefox.exe, 00000010.00000002.3295483906.0000025621C80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3298093281.00000249D2930000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3296000356.0000015AEAB70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/notes
    Source: firefox.exe, 00000010.00000002.3295483906.0000025621C80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3298093281.00000249D2930000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3296000356.0000015AEAB70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/
    Source: firefox.exe, 00000010.00000002.3295483906.0000025621C80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3298093281.00000249D2930000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3296000356.0000015AEAB70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/xr/
    Source: firefox.exe, 00000010.00000002.3295483906.0000025621C80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3298093281.00000249D2930000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3296000356.0000015AEAB70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/privacy/subscription-services/
    Source: firefox.exe, 0000000E.00000003.2294114921.0000022034AC9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
    Source: firefox.exe, 0000000E.00000003.2288984203.000002202C071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/anything/?
    Source: firefox.exe, 0000000E.00000003.2294114921.0000022034AC9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
    Source: firefox.exe, 0000000E.00000003.2294114921.0000022034ACD000.00000004.00000800.00020000.00000000.sdmp, targeting.snapshot.json.tmp.14.drString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
    Source: firefox.exe, 0000000E.00000003.2119826704.00000220336C4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2294114921.0000022034AC9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2294936408.00000220336C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
    Source: firefox.exe, 0000000E.00000003.2294114921.0000022034AC9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
    Source: firefox.exe, 00000010.00000002.3295483906.0000025621C80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3298093281.00000249D2930000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3296000356.0000015AEAB70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/android/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
    Source: firefox.exe, 00000010.00000002.3295483906.0000025621C80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3298093281.00000249D2930000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3296000356.0000015AEAB70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/ios/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campa
    Source: firefox.exe, 0000000E.00000003.2249535119.000002202DCA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2291443485.000002202DCA3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/mobile/get-app/?utm_medium=firefox-desktop&utm_source=onboarding-mod
    Source: firefox.exe, 00000010.00000002.3295483906.0000025621C80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3298093281.00000249D2930000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3296000356.0000015AEAB70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html
    Source: firefox.exe, 00000010.00000002.3295483906.0000025621C80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3298093281.00000249D2930000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3296000356.0000015AEAB70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter
    Source: firefox.exe, 00000010.00000002.3295483906.0000025621C80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3298093281.00000249D2930000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3296000356.0000015AEAB70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#health-report
    Source: firefox.exe, 0000000E.00000003.2119826704.00000220336C4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2294114921.0000022034AC9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2294936408.00000220336C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
    Source: firefox.exe, 00000011.00000002.3294077577.00000249D28C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3296341332.0000015AEACF6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
    Source: firefox.exe, 0000000E.00000003.2300407250.0000022036AAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2270632414.0000022036AAA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-content
    Source: firefox.exe, 0000000E.00000003.2240922053.0000022032F94000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2305166568.0000022032FC5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2261897669.0000022032F94000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2122178575.0000022032F90000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-contentP
    Source: firefox.exe, 00000010.00000002.3295483906.0000025621C80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3298093281.00000249D2930000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3296000356.0000015AEAB70000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
    Source: firefox.exe, 0000000E.00000003.2240922053.0000022032F94000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2305166568.0000022032FC5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2261897669.0000022032F94000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2122178575.0000022032F90000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/V
    Source: firefox.exe, 0000000E.00000003.2294114921.0000022034AC9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
    Source: firefox.exe, 0000000E.00000003.2279118945.000002202EAC2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com
    Source: firefox.exe, 0000000E.00000003.2239491761.0000022034961000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2280446365.000002202DBE6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.reddit.com/
    Source: firefox.exe, 0000000E.00000003.2134984665.000002202C6C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2133872961.000002202C6C1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2151742690.000002202C626000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2123762283.000002202BF50000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2136813865.000002202C6C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2117360215.000002202C98B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2140776018.000002202C627000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2153863122.000002202C629000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.tiktok.com/
    Source: firefox.exe, 0000000E.00000003.2109795667.000002202C794000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2282188023.000002202D7E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3294077577.00000249D2803000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3296341332.0000015AEAC0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
    Source: firefox.exe, 0000000E.00000003.2279118945.000002202EA68000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2299658680.000002202C026000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2240922053.0000022032F29000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://youtube.com
    Source: firefox.exe, 0000000E.00000003.2109432799.0000022035071000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2280507165.000002202D9FC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2275834290.0000022035071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/
    Source: recovery.jsonlz4.tmp.14.drString found in binary or memory: https://youtube.com/account?=
    Source: firefox.exe, 00000012.00000002.3295240956.0000015AEAB40000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.co
    Source: firefox.exe, 00000011.00000002.3293292775.00000249D257A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3294251305.0000015AEA8FA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3295240956.0000015AEAB44000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
    Source: firefox.exe, 0000000C.00000002.2069990384.000002A7280DA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.2075052698.000002C23F23F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd--no-default-browser
    Source: firefox.exe, 00000011.00000002.3293292775.00000249D2570000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd6
    Source: firefox.exe, 00000012.00000002.3294251305.0000015AEA8F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdD
    Source: gTU8ed4669.exe, 00000000.00000003.2067566941.00000000014D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdEMP=C:
    Source: firefox.exe, 00000010.00000002.3294617530.0000025621C00000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3298803576.0000025621FC4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3298417448.00000249D2994000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3293292775.00000249D2570000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3294251305.0000015AEA8F0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3295240956.0000015AEAB44000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdMOZ_CRASHREPORTER_RE
    Source: firefox.exe, 00000012.00000002.3294251305.0000015AEA8FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdP
    Source: firefox.exe, 00000010.00000002.3294617530.0000025621C0A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdaU
    Source: firefox.exe, 00000010.00000002.3294617530.0000025621C00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwduU
    Source: firefox.exe, 00000011.00000002.3298417448.00000249D2990000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.cow
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
    Source: unknownNetwork traffic detected: HTTP traffic on port 49864 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
    Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
    Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49715 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.5:49723 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49731 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49737 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49736 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49744 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49750 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:49786 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49785 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 151.101.1.91:443 -> 192.168.2.5:49788 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49795 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49797 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49796 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:49804 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49864 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49865 version: TLS 1.2
    Source: C:\Users\user\Desktop\gTU8ed4669.exeCode function: 0_2_006DEAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,0_2_006DEAFF
    Source: C:\Users\user\Desktop\gTU8ed4669.exeCode function: 0_2_006DED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,0_2_006DED6A
    Source: C:\Users\user\Desktop\gTU8ed4669.exeCode function: 0_2_006DEAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,0_2_006DEAFF
    Source: C:\Users\user\Desktop\gTU8ed4669.exeCode function: 0_2_006CAA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,0_2_006CAA57
    Source: C:\Users\user\Desktop\gTU8ed4669.exeCode function: 0_2_006F9576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,0_2_006F9576

    System Summary

    Source: gTU8ed4669.exeString found in binary or memory: This is a third-party compiled AutoIt script.
    Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 17_2_00000249D2F421F2 NtQuerySystemInformation,17_2_00000249D2F421F2
    Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 17_2_00000249D2F48BB7 NtQuerySystemInformation,17_2_00000249D2F48BB7
    Source: C:\Users\user\Desktop\gTU8ed4669.exeCode function: 0_2_006CD5EB: CreateFileW,DeviceIoControl,CloseHandle,0_2_006CD5EB
    Source: C:\Users\user\Desktop\gTU8ed4669.exeCode function: 0_2_006C1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_006C1201
    Source: C:\Users\user\Desktop\gTU8ed4669.exeCode function: 0_2_006CE8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,0_2_006CE8F6
    Source: C:\Users\user\Desktop\gTU8ed4669.exeCode function: String function: 00669CB3 appears 31 times
    Source: C:\Users\user\Desktop\gTU8ed4669.exeCode function: String function: 00680A30 appears 46 times
    Source: C:\Users\user\Desktop\gTU8ed4669.exeCode function: String function: 0067F9F2 appears 40 times
    Source: gTU8ed4669.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: classification engineClassification label: mal80.troj.evad.winEXE@34/34@68/12
    Source: C:\Users\user\Desktop\gTU8ed4669.exeCode function: 0_2_006D37B5 GetLastError,FormatMessageW,0_2_006D37B5
    Source: C:\Users\user\Desktop\gTU8ed4669.exeCode function: 0_2_006C10BF AdjustTokenPrivileges,CloseHandle,0_2_006C10BF
    Source: C:\Users\user\Desktop\gTU8ed4669.exeCode function: 0_2_006C16C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,0_2_006C16C3
    Source: C:\Users\user\Desktop\gTU8ed4669.exeCode function: 0_2_006D51CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,0_2_006D51CD
    Source: C:\Users\user\Desktop\gTU8ed4669.exeCode function: 0_2_006CD4DC CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,0_2_006CD4DC
    Source: C:\Users\user\Desktop\gTU8ed4669.exeCode function: 0_2_006D648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize,0_2_006D648E
    Source: C:\Users\user\Desktop\gTU8ed4669.exeCode function: 0_2_006642A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,0_2_006642A2
    Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Local\Mozilla\Firefox\SkeletonUILock-c388d246
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6592:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2764:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6620:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4564:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4612:120:WilError_03
    Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Local\Temp\firefox
    Source: gTU8ed4669.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Program Files\Mozilla Firefox\firefox.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
    Source: C:\Users\user\Desktop\gTU8ed4669.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: firefox.exe, 0000000E.00000003.2301667707.0000022034A43000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT * FROM events WHERE timestamp BETWEEN date(:dateFrom) AND date(:dateTo);
    Source: firefox.exe, 0000000E.00000003.2301667707.0000022034A43000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE events (id INTEGER PRIMARY KEY, type INTEGER NOT NULL, count INTEGER NOT NULL, timestamp DATE );
    Source: firefox.exe, 0000000E.00000003.2301667707.0000022034A43000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: INSERT INTO events (type, count, timestamp) VALUES (:type, 1, date(:date));
    Source: firefox.exe, 0000000E.00000003.2301667707.0000022034A43000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;
    Source: firefox.exe, 0000000E.00000003.2301667707.0000022034A43000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;Fy6
    Source: firefox.exe, 0000000E.00000003.2301667707.0000022034A43000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: UPDATE events SET count = count + 1 WHERE id = :id;-
    Source: firefox.exe, 0000000E.00000003.2301667707.0000022034A43000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT sum(count) FROM events;9'
    Source: firefox.exe, 0000000E.00000003.2301667707.0000022034A43000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT sum(count) FROM events;9
    Source: firefox.exe, 0000000E.00000003.2301667707.0000022034A43000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT * FROM events WHERE type = :type AND timestamp = date(:date);
    Source: gTU8ed4669.exeReversingLabs: Detection: 28%
    Source: unknownProcess created: C:\Users\user\Desktop\gTU8ed4669.exe "C:\Users\user\Desktop\gTU8ed4669.exe"
    Source: C:\Users\user\Desktop\gTU8ed4669.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\gTU8ed4669.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\gTU8ed4669.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\gTU8ed4669.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\gTU8ed4669.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\gTU8ed4669.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
    Source: unknownProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2184 -parentBuildID 20230927232528 -prefsHandle 2104 -prefMapHandle 2100 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {788ec753-8911-4214-b663-accd94cf9494} 5652 "\\.\pipe\gecko-crash-server-pipe.5652" 2201b26f710 socket
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3092 -parentBuildID 20230927232528 -prefsHandle 3988 -prefMapHandle 3908 -prefsLen 26338 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1c3967e-c418-4a34-8ffb-95b5c942fc48} 5652 "\\.\pipe\gecko-crash-server-pipe.5652" 2202d851e10 rdd
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5040 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5028 -prefMapHandle 5024 -prefsLen 33119 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d8122f20-b90c-4c06-8f30-9d4c81547b9e} 5652 "\\.\pipe\gecko-crash-server-pipe.5652" 22033673310 utility
    Source: C:\Users\user\Desktop\gTU8ed4669.exeSection loaded: wsock32.dll
    Source: C:\Users\user\Desktop\gTU8ed4669.exeSection loaded: version.dll
    Source: C:\Users\user\Desktop\gTU8ed4669.exeSection loaded: winmm.dll
    Source: C:\Users\user\Desktop\gTU8ed4669.exeSection loaded: mpr.dll
    Source: C:\Users\user\Desktop\gTU8ed4669.exeSection loaded: wininet.dll
    Source: C:\Users\user\Desktop\gTU8ed4669.exeSection loaded: iphlpapi.dll
    Source: C:\Users\user\Desktop\gTU8ed4669.exeSection loaded: userenv.dll
    Source: C:\Users\user\Desktop\gTU8ed4669.exeSection loaded: uxtheme.dll
    Source: C:\Users\user\Desktop\gTU8ed4669.exeSection loaded: kernel.appcore.dll
    Source: C:\Users\user\Desktop\gTU8ed4669.exeSection loaded: windows.storage.dll
    Source: C:\Users\user\Desktop\gTU8ed4669.exeSection loaded: wldp.dll
    Source: C:\Users\user\Desktop\gTU8ed4669.exeSection loaded: napinsp.dll
    Source: C:\Users\user\Desktop\gTU8ed4669.exeSection loaded: pnrpnsp.dll
    Source: C:\Users\user\Desktop\gTU8ed4669.exeSection loaded: wshbth.dll
    Source: C:\Users\user\Desktop\gTU8ed4669.exeSection loaded: nlaapi.dll
    Source: C:\Users\user\Desktop\gTU8ed4669.exeSection loaded: mswsock.dll
    Source: C:\Users\user\Desktop\gTU8ed4669.exeSection loaded: dnsapi.dll
    Source: C:\Users\user\Desktop\gTU8ed4669.exeSection loaded: winrnr.dll
    Source: C:\Users\user\Desktop\gTU8ed4669.exeSection loaded: fwpuclnt.dll
    Source: C:\Users\user\Desktop\gTU8ed4669.exeSection loaded: rasadhlp.dll
    Source: C:\Users\user\Desktop\gTU8ed4669.exeSection loaded: sspicli.dll
    Source: C:\Users\user\Desktop\gTU8ed4669.exeSection loaded: profapi.dll
    Source: C:\Users\user\Desktop\gTU8ed4669.exeSection loaded: napinsp.dllJump to behavior
    Source: C:\Users\user\Desktop\gTU8ed4669.exeSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Users\user\Desktop\gTU8ed4669.exeSection loaded: wshbth.dllJump to behavior
    Source: C:\Users\user\Desktop\gTU8ed4669.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Users\user\Desktop\gTU8ed4669.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\gTU8ed4669.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\gTU8ed4669.exeSection loaded: winrnr.dllJump to behavior
    Source: C:\Users\user\Desktop\gTU8ed4669.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\gTU8ed4669.exeSection loaded: napinsp.dllJump to behavior
    Source: C:\Users\user\Desktop\gTU8ed4669.exeSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Users\user\Desktop\gTU8ed4669.exeSection loaded: wshbth.dllJump to behavior
    Source: C:\Users\user\Desktop\gTU8ed4669.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Users\user\Desktop\gTU8ed4669.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\gTU8ed4669.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\gTU8ed4669.exeSection loaded: winrnr.dllJump to behavior
    Source: C:\Users\user\Desktop\gTU8ed4669.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\gTU8ed4669.exeSection loaded: napinsp.dllJump to behavior
    Source: C:\Users\user\Desktop\gTU8ed4669.exeSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Users\user\Desktop\gTU8ed4669.exeSection loaded: wshbth.dllJump to behavior
    Source: C:\Users\user\Desktop\gTU8ed4669.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Users\user\Desktop\gTU8ed4669.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\gTU8ed4669.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\gTU8ed4669.exeSection loaded: winrnr.dllJump to behavior
    Source: C:\Users\user\Desktop\gTU8ed4669.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\gTU8ed4669.exeSection loaded: napinsp.dllJump to behavior
    Source: C:\Users\user\Desktop\gTU8ed4669.exeSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Users\user\Desktop\gTU8ed4669.exeSection loaded: wshbth.dllJump to behavior
    Source: C:\Users\user\Desktop\gTU8ed4669.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Users\user\Desktop\gTU8ed4669.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\gTU8ed4669.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\gTU8ed4669.exeSection loaded: winrnr.dllJump to behavior
    Source: C:\Users\user\Desktop\gTU8ed4669.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\gTU8ed4669.exeSection loaded: napinsp.dllJump to behavior
    Source: C:\Users\user\Desktop\gTU8ed4669.exeSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Users\user\Desktop\gTU8ed4669.exeSection loaded: wshbth.dllJump to behavior
    Source: C:\Users\user\Desktop\gTU8ed4669.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Users\user\Desktop\gTU8ed4669.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\gTU8ed4669.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\gTU8ed4669.exeSection loaded: winrnr.dllJump to behavior
    Source: C:\Users\user\Desktop\gTU8ed4669.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
    Source: Window RecorderWindow detected: More than 3 window changes detected
    Source: gTU8ed4669.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
    Source: gTU8ed4669.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
    Source: gTU8ed4669.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
    Source: gTU8ed4669.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: gTU8ed4669.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
    Source: gTU8ed4669.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
    Source: gTU8ed4669.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.14.dr
    Source: Binary string: wshbth.pdbGCTL source: firefox.exe, 0000000E.00000003.2203888992.000002202B4A9000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: NapiNSP.pdbUGP source: firefox.exe, 0000000E.00000003.2202103858.000002202B49F000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: wshbth.pdb source: firefox.exe, 0000000E.00000003.2203888992.000002202B4A9000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: NapiNSP.pdb source: firefox.exe, 0000000E.00000003.2202103858.000002202B49F000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: netprofm.pdb source: firefox.exe, 0000000E.00000003.2200244130.000002202B4A9000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.14.dr
    Source: Binary string: netprofm.pdbUGP source: firefox.exe, 0000000E.00000003.2200244130.000002202B4A9000.00000004.00000020.00020000.00000000.sdmp
    Source: gTU8ed4669.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
    Source: gTU8ed4669.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
    Source: gTU8ed4669.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
    Source: gTU8ed4669.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
    Source: gTU8ed4669.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_006642DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo, | 0_2_006642DE
    Source: gmpopenh264.dll.tmp.14.dr | Static PE information: section name: .rodata
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_006AE859 push 00000000h; ret | 0_2_006AE8FD
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_006AE8FF push 00000000h; ret | 0_2_006AE901
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_00680A76 push ecx; ret | 0_2_00680A89
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_0066900A push 00000000h; iretd | 0_2_0066900C
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_0067F98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput, | 0_2_0067F98E
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_006F1C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed, | 0_2_006F1C41
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exe | Process information set: NOOPENFILEERRORBOX

    Malware Analysis System Evasion

    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep | graph_0-96318
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 17_2_00000249D2F421F2 rdtsc | 17_2_00000249D2F421F2
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | API coverage: 3.8 %
    Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
    Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
    Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
    Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
    Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_006CDBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose, | 0_2_006CDBBE
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_0069C2A2 FindFirstFileExW, | 0_2_0069C2A2
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_006D68EE FindFirstFileW,FindClose, | 0_2_006D68EE
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_006D698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime, | 0_2_006D698F
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_006CD076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, | 0_2_006CD076
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_006CD3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, | 0_2_006CD3A9
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_006D9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, | 0_2_006D9642
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_006D979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, | 0_2_006D979D
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_006D9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose, | 0_2_006D9B2B
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_006D5C97 FindFirstFileW,FindNextFileW,FindClose, | 0_2_006D5C97
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_006642DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo, | 0_2_006642DE
    Source: firefox.exe, 00000012.00000002.3299868628.0000015AEAD00000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW((
    Source: firefox.exe, 00000010.00000002.3294617530.0000025621C0A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW0R
    Source: gTU8ed4669.exe, 00000000.00000003.2111120631.00000000012DF000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\ProgramData\Microsoft\Windows\Start MenuHyper-V RAW
    Source: firefox.exe, 00000011.00000002.3293292775.00000249D257A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW0d
    Source: gTU8ed4669.exe, 00000000.00000002.2114862389.00000000012C0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3294617530.0000025621C0A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3300095107.0000025622440000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3294251305.0000015AEA8FA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
    Source: firefox.exe, 00000010.00000002.3299294995.000002562201A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
    Source: firefox.exe, 00000011.00000002.3298774570.00000249D2E12000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll^qA
    Source: firefox.exe, 00000011.00000002.3298774570.00000249D2E12000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW:F
    Source: firefox.exe, 00000010.00000002.3294617530.0000025621C0A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll=
    Source: firefox.exe, 00000010.00000002.3300095107.0000025622440000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll@
    Source: firefox.exe, 00000011.00000002.3298774570.00000249D2E12000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll4p
    Source: firefox.exe, 00000010.00000002.3300095107.0000025622440000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3298774570.00000249D2E12000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Process information queried: ProcessInformation
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 17_2_00000249D2F421F2 rdtsc | 17_2_00000249D2F421F2
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_006DEAA2 BlockInput, | 0_2_006DEAA2
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_00692622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, | 0_2_00692622
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_006642DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo, | 0_2_006642DE
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_00684CE8 mov eax, dword ptr fs:[00000030h] | 0_2_00684CE8
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_006C0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree, | 0_2_006C0B62
    Source: C:\Windows\SysWOW64\taskkill.exe | Process token adjusted: Debug
    Source: C:\Windows\SysWOW64\taskkill.exe | Process token adjusted: Debug
    Source: C:\Windows\SysWOW64\taskkill.exe | Process token adjusted: Debug
    Source: C:\Windows\SysWOW64\taskkill.exe | Process token adjusted: Debug
    Source: C:\Windows\SysWOW64\taskkill.exe | Process token adjusted: Debug
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_00692622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, | 0_2_00692622
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_0068083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, | 0_2_0068083F
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_006809D5 SetUnhandledExceptionFilter, | 0_2_006809D5
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_00680C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, | 0_2_00680C21
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_006C1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock, | 0_2_006C1201
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_006A2BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW, | 0_2_006A2BA5
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_006CB226 SendInput,keybd_event, | 0_2_006CB226
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_006E22DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event, | 0_2_006E22DA
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_006C0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree, | 0_2_006C0B62
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_006C1663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid, | 0_2_006C1663
    Source: gTU8ed4669.exe | Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
    Source: gTU8ed4669.exe | Binary or memory string: Shell_TrayWnd
    Source: firefox.exe, 0000000E.00000003.2175204532.0000022037505000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: hSoftware\Policies\Microsoft\Windows\PersonalizationNoChangingStartMenuBackgroundPersonalColors_BackgroundWilStaging_02RtlDisownModuleHeapAllocationRtlQueryFeatureConfigurationRtlRegisterFeatureConfigurationChangeNotificationRtlSubscribeWnfStateChangeNotificationRtlDllShutdownInProgressntdll.dllNtQueryWnfStateDataLocal\SM0:%d:%d:%hs_p0Local\SessionImmersiveColorPreferenceBEGINTHMthmfile\Sessions\%d\Windows\ThemeSectionMessageWindowendthemewndThemeApiConnectionRequest\ThemeApiPortwinsta0SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\PersonalizeAppsUseLightThemeSystemUsesLightThemedefaultshell\themes\uxtheme\render.cppCompositedWindow::WindowdeletedrcacheMDIClientSoftware\Microsoft\Windows\DWMColorPrevalenceSoftware\Microsoft\Windows\CurrentVersion\ImmersiveShellTabletModeMENUAccentColorSoftware\Microsoft\Windows\CurrentVersion\Explorer\AccentDefaultStartColorControl Panel\DesktopAutoColorizationAccentColorMenuStartColorMenuAutoColorSoftware\Microsoft\Windows\CurrentVersion\Themes\History\ColorsSoftware\Microsoft\Windows\CurrentVersion\Themes\HistoryAccentPaletteTab$Shell_TrayWndLocal\SessionImmersiveColorMutex
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_00680698 cpuid | 0_2_00680698
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_006BD21C GetLocalTime, | 0_2_006BD21C
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_006BD27A GetUserNameW, | 0_2_006BD27A
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_0069B952 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free, | 0_2_0069B952
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_006642DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo, | 0_2_006642DE

    Stealing of Sensitive Information

    Source: Yara match | File source: Process Memory Space: gTU8ed4669.exe PID: 5804, type: MEMORYSTR
    Source: gTU8ed4669.exe | Binary or memory string: WIN_81
    Source: gTU8ed4669.exe | Binary or memory string: WIN_XP
    Source: gTU8ed4669.exe | Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
    Source: gTU8ed4669.exe | Binary or memory string: WIN_XPe
    Source: gTU8ed4669.exe | Binary or memory string: WIN_VISTA
    Source: gTU8ed4669.exe | Binary or memory string: WIN_7
    Source: gTU8ed4669.exe | Binary or memory string: WIN_8

    Remote Access Functionality

    Source: Yara match | File source: Process Memory Space: gTU8ed4669.exe PID: 5804, type: MEMORYSTR
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_006E1204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket, | 0_2_006E1204
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_006E1806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket, | 0_2_006E1806
    Mitre Att&ck Matrix (techniques listed per tactic column; the number in parentheses is the count the report shows for that technique)

    Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology; IP Addresses
    Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising; Compromise Infrastructure
    Initial Access: Valid Accounts (2); Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application; Supply Chain Compromise
    Execution: Windows Management Instrumentation (1); Native API (1); At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter; PowerShell
    Persistence: DLL Side-Loading (1); Valid Accounts (2); Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At; Cron
    Privilege Escalation: Exploitation for Privilege Escalation (1); DLL Side-Loading (1); Extra Window Memory Injection (1); Valid Accounts (2); Access Token Manipulation (21); Process Injection (2); Startup Items; Scheduled Task/Job; At; Cron
    Defense Evasion: Disable or Modify Tools (2); Deobfuscate/Decode Files or Information (1); Obfuscated Files or Information (3); DLL Side-Loading (1); Extra Window Memory Injection (1); Masquerading (1); Valid Accounts (2); Virtualization/Sandbox Evasion (1); Access Token Manipulation (21); Process Injection (2)
    Credential Access: Input Capture (21); LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow; Network Sniffing
    Discovery: System Time Discovery (2); Account Discovery (1); File and Directory Discovery (2); System Information Discovery (16); Security Software Discovery (131); Virtualization/Sandbox Evasion (1); Process Discovery (3); Application Window Discovery (1); System Owner/User Discovery (1); Network Service Discovery
    Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections; Shared Webroot
    Collection: Archive Collected Data (1); Input Capture (21); Clipboard Data (3); Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged; Local Data Staging
    Command and Control: Ingress Tool Transfer (2); Encrypted Channel (12); Non-Application Layer Protocol (2); Application Layer Protocol (3); Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols; File Transfer Protocols
    Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
    Impact: System Shutdown/Reboot (1); Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement; External Defacement
    Behavior Graph (ID: 1578932, Sample: gTU8ed4669.exe, Startdate: 20/12/2024, Architecture: WINDOWS, Score: 80)

    Start node contacts: youtube.com; youtube-ui.l.google.com; 34 other IPs or domains
    Start node signatures: Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; Yara detected Credential Flusher; 3 other signatures

    Process tree:
      gTU8ed4669.exe (started)
        signatures: Binary is likely a compiled AutoIt script file; Found API chain indicative of sandbox detection
        taskkill.exe (started) -> conhost.exe (started)
        taskkill.exe (started) -> conhost.exe (started)
        taskkill.exe (started) -> conhost.exe (started)
        3 other processes -> conhost.exe (started); conhost.exe (started)
      firefox.exe (started)
        firefox.exe (started)
          contacts: youtube.com 142.250.181.78, 443, 49711, 49712 GOOGLEUS United States; prod.detectportal.prod.cloudops.mozgcp.net 34.107.221.82, 49713, 49720, 49722 GOOGLEUS United States; 10 other IPs or domains
          dropped: C:\Users\user\AppData\...\gmpopenh264.dll.tmp, PE32+; C:\Users\user\...\gmpopenh264.dll (copy), PE32+
          firefox.exe (started)
          firefox.exe (started)
          firefox.exe (started)

    Source | Detection | Scanner | Label | Link
    gTU8ed4669.exe | 29% | ReversingLabs | Win32.Trojan.Generic |
    gTU8ed4669.exe | 100% | Avira | TR/ATRAPS.Gen |
    gTU8ed4669.exe | 100% | Joe Sandbox ML | |

    Source | Detection | Scanner | Label | Link
    C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | ReversingLabs | |
    C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | ReversingLabs | |
    No Antivirus matches
    No Antivirus matches
    No Antivirus matches
    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    example.org | 93.184.215.14 | true | false | | high
    star-mini.c10r.facebook.com | 157.240.196.35 | true | false | | high
    prod.classify-client.prod.webservices.mozgcp.net | 35.190.72.216 | true | false | | high
    prod.balrog.prod.cloudops.mozgcp.net | 35.244.181.201 | true | false | | high
    twitter.com | 104.244.42.129 | true | false | | high
    prod.detectportal.prod.cloudops.mozgcp.net | 34.107.221.82 | true | false | | high
    services.addons.mozilla.org | 151.101.1.91 | true | false | | high
    dyna.wikimedia.org | 185.15.58.224 | true | false | | high
    prod.remote-settings.prod.webservices.mozgcp.net | 34.149.100.209 | true | false | | high
    contile.services.mozilla.com | 34.117.188.166 | true | false | | high
    youtube.com | 142.250.181.78 | true | false | | high
    prod.content-signature-chains.prod.webservices.mozgcp.net | 34.160.144.191 | true | false | | high
    youtube-ui.l.google.com | 216.58.208.238 | true | false | | high
    us-west1.prod.sumo.prod.webservices.mozgcp.net | 34.149.128.2 | true | false | | high
    reddit.map.fastly.net | 151.101.193.140 | true | false | | high
    ipv4only.arpa | 192.0.0.170 | true | false | | high
    prod.ads.prod.webservices.mozgcp.net | 34.117.188.166 | true | false | | high
    push.services.mozilla.com | 34.107.243.93 | true | false | | high
    normandy-cdn.services.mozilla.com | 35.201.103.21 | true | false | | high
    telemetry-incoming.r53-2.services.mozilla.com | 34.120.208.123 | true | false | | high
    www.reddit.com | unknown | unknown | false | | high
    spocs.getpocket.com | unknown | unknown | false | | high
    content-signature-2.cdn.mozilla.net | unknown | unknown | false | | high
    support.mozilla.org | unknown | unknown | false | | high
    firefox.settings.services.mozilla.com | unknown | unknown | false | | high
    www.youtube.com | unknown | unknown | false | | high
    www.facebook.com | unknown | unknown | false | | high
    detectportal.firefox.com | unknown | unknown | false | | high
    normandy.cdn.mozilla.net | unknown | unknown | false | | high
    shavar.services.mozilla.com | unknown | unknown | false | | high
    www.wikipedia.org | unknown | unknown | false | | high
    Name | Source | Malicious | Antivirus Detection | Reputation
    https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox- | firefox.exe, 00000010.00000002.3295483906.0000025621C80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3298093281.00000249D2930000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3296000356.0000015AEAB70000.00000002.10000000.00040000.00000000.sdmp | false | | high
    https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l | firefox.exe, 00000012.00000002.3296341332.0000015AEACC4000.00000004.00000800.00020000.00000000.sdmp | false | | high
    http://detectportal.firefox.com/ | firefox.exe, 0000000E.00000003.2288848334.000002202C2B8000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER% | firefox.exe, 00000010.00000002.3295483906.0000025621C80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3298093281.00000249D2930000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3296000356.0000015AEAB70000.00000002.10000000.00040000.00000000.sdmp | false | | high
    https://datastudio.google.com/embed/reporting/ | firefox.exe, 0000000E.00000003.2134499461.000002202C6BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2288984203.000002202C0AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2153525536.000002202C611000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2299181035.000002202C0B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2151742690.000002202C611000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2145618024.000002202C611000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2117389844.000002202C988000.00000004.00000800.00020000.00000000.sdmp | false | | high
    http://www.mozilla.com0 | gmpopenh264.dll.tmp.14.dr | false | | high
    https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_custom_elements#using_the_lifecycl | firefox.exe, 0000000E.00000003.2228986161.0000022033034000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2096359911.000002203303C000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743. | firefox.exe, 00000010.00000002.3296124343.0000025621EBA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3294077577.00000249D28E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3300089921.0000015AEAE03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.dr | false | | high
    https://merino.services.mozilla.com/api/v1/suggest | firefox.exe, 00000011.00000002.3294077577.00000249D2886000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3296341332.0000015AEAC8F000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://json-schema.org/draft/2019-09/schema. | firefox.exe, 0000000E.00000003.2304800029.0000022033227000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2278283960.000002203320B000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect | firefox.exe, 00000010.00000002.3295483906.0000025621C80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3298093281.00000249D2930000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3296000356.0000015AEAB70000.00000002.10000000.00040000.00000000.sdmp | false | | high
    https://www.leboncoin.fr/ | firefox.exe, 0000000E.00000003.2122598228.000002202DBE6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2106199226.000002202DBE6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2108035549.000002202C167000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2280446365.000002202DBE6000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://spocs.getpocket.com/spocs | firefox.exe, 0000000E.00000003.2122178575.0000022032F2A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2122178575.0000022032F90000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://www.amazon.com/exec/obidos/external-search/?field-keywords=&ie=UTF-8&mode=blended&tag=mozill | firefox.exe, 0000000E.00000003.2106199226.000002202DBBE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2247376517.00000220332D3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2122598228.000002202DBBE000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://shavar.services.mozilla.com | firefox.exe, 0000000E.00000003.2109795667.000002202C770000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://completion.amazon.com/search/complete?q= | firefox.exe, 0000000E.00000003.2079809957.000002202B838000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2079968158.000002202B853000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2079526060.000002202B600000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2080106662.000002202B86F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2080235908.000002202B88A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2079661456.000002202B81D000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report | firefox.exe, 00000010.00000002.3295483906.0000025621C80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3298093281.00000249D2930000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3296000356.0000015AEAB70000.00000002.10000000.00040000.00000000.sdmp | false | | high
    https://ads.stickyadstv.com/firefox-etp | firefox.exe, 0000000E.00000003.2287278660.000002202C794000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab | firefox.exe, 00000010.00000002.3295483906.0000025621C80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3298093281.00000249D2930000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3296000356.0000015AEAB70000.00000002.10000000.00040000.00000000.sdmp | false | | high
    https://monitor.firefox.com/breach-details/ | firefox.exe, 00000010.00000002.3295483906.0000025621C80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3298093281.00000249D2930000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3296000356.0000015AEAB70000.00000002.10000000.00040000.00000000.sdmp | false | | high
    https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM | firefox.exe, 00000010.00000002.3295483906.0000025621C80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3298093281.00000249D2930000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3296000356.0000015AEAB70000.00000002.10000000.00040000.00000000.sdmp | false | | high
    https://www.amazon.com/exec/obidos/external-search/ | firefox.exe, 0000000E.00000003.2106199226.000002202DBE6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2079526060.000002202B600000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2080106662.000002202B86F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2080235908.000002202B88A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2108035549.000002202C167000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2079661456.000002202B81D000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://www.msn.com | firefox.exe, 0000000E.00000003.2279118945.000002202EAC2000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://github.com/mozilla-services/screenshots | firefox.exe, 0000000E.00000003.2079809957.000002202B838000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2079968158.000002202B853000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2079526060.000002202B600000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2080106662.000002202B86F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2079661456.000002202B81D000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://services.addons.mozilla.org/api/v4/addons/addon/ | firefox.exe, 00000010.00000002.3295483906.0000025621C80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3298093281.00000249D2930000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3296000356.0000015AEAB70000.00000002.10000000.00040000.00000000.sdmp | false | | high
    https://tracking-protection-issues.herokuapp.com/new | firefox.exe, 00000010.00000002.3295483906.0000025621C80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3298093281.00000249D2930000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3296000356.0000015AEAB70000.00000002.10000000.00040000.00000000.sdmp | false | | high
    https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report | firefox.exe, 00000010.00000002.3295483906.0000025621C80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3298093281.00000249D2930000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3296000356.0000015AEAB70000.00000002.10000000.00040000.00000000.sdmp | false | | high
    https://youtube.com/ | firefox.exe, 0000000E.00000003.2109432799.0000022035071000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2280507165.000002202D9FC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2275834290.0000022035071000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://content-signature-2.cdn.mozilla.net/ | firefox.exe, 0000000E.00000003.2288598323.000002202C2E7000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://json-schema.org/draft/2020-12/schema/= | firefox.exe, 0000000E.00000003.2304800029.0000022033227000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2278283960.000002203320B000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://app.adjust.com/167k4ih?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht | firefox.exe, 0000000E.00000003.2291443485.000002202DCA3000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=118.0&pver=2.2https: | firefox.exe, 0000000E.00000003.2107937988.000002202C17B000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report | firefox.exe, 00000010.00000002.3295483906.0000025621C80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3298093281.00000249D2930000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3296000356.0000015AEAB70000.00000002.10000000.00040000.00000000.sdmp | false | | high
    https://api.accounts.firefox.com/v1 | firefox.exe, 00000010.00000002.3295483906.0000025621C80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3298093281.00000249D2930000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3296000356.0000015AEAB70000.00000002.10000000.00040000.00000000.sdmp | false | | high
    https://www.amazon.com/ | firefox.exe, 0000000E.00000003.2239491761.0000022034961000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/ | firefox.exe, 00000010.00000002.3295483906.0000025621C80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3298093281.00000249D2930000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3296000356.0000015AEAB70000.00000002.10000000.00040000.00000000.sdmp | false | | high
    https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections | firefox.exe, 00000010.00000002.3295483906.0000025621C80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3298093281.00000249D2930000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3296000356.0000015AEAB70000.00000002.10000000.00040000.00000000.sdmp | false | | high
    https://www.youtube.com/ | firefox.exe, 0000000E.00000003.2109795667.000002202C794000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2282188023.000002202D7E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3294077577.00000249D2803000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3296341332.0000015AEAC0C000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://bugzilla.mozilla.org/show_bug.cgi?id=1283601 | firefox.exe, 0000000E.00000003.2129466698.000002202C594000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2131111540.000002202C66F000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield | firefox.exe, 00000010.00000002.3295483906.0000025621C80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3298093281.00000249D2930000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3296000356.0000015AEAB70000.00000002.10000000.00040000.00000000.sdmp | false | | high
    https://MD8.mozilla.org/1/m | firefox.exe, 0000000E.00000003.2287278660.000002202C792000.00000004.00000800.00020000.00000000.sdmp | false | | high
                                                                                                                                                    high
                                                                                                                                                    https://www.bbc.co.uk/firefox.exe, 0000000E.00000003.2122598228.000002202DBE6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2106199226.000002202DBE6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2280446365.000002202DBE6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://addons.mozilla.org/firefox/addon/to-google-translate/firefox.exe, 0000000E.00000003.2288984203.000002202C071000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=firefox.exe, 00000012.00000002.3296341332.0000015AEACC4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          http://127.0.0.1:firefox.exe, 0000000E.00000003.2277610282.000002203364E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3295483906.0000025621C80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3298093281.00000249D2930000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3296000356.0000015AEAB70000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://bugzilla.mozilla.org/show_bug.cgi?id=1266220firefox.exe, 0000000E.00000003.2125939035.000002202C9E0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2131111540.000002202C66F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152firefox.exe, 0000000E.00000003.2118429274.000002202BFDF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://bugzilla.mofirefox.exe, 0000000E.00000003.2291521039.00000220332D3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2272378276.00000220349BC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://mitmdetection.services.mozilla.com/firefox.exe, 00000010.00000002.3295483906.0000025621C80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3298093281.00000249D2930000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3296000356.0000015AEAB70000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://static.adsafeprotected.com/firefox-etp-jsfirefox.exe, 0000000E.00000003.2287278660.000002202C794000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://youtube.com/account?=recovery.jsonlz4.tmp.14.drfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://shavar.services.mozilla.com/firefox.exe, 0000000E.00000003.2287278660.000002202C770000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBLfirefox.exe, 0000000E.00000003.2294114921.0000022034AC9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&reffirefox.exe, 00000010.00000002.3296124343.0000025621EBA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3294077577.00000249D28E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3300089921.0000015AEAE03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477firefox.exe, 00000010.00000002.3296124343.0000025621EBA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3294077577.00000249D28E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3300089921.0000015AEAE03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://spocs.getpocket.com/firefox.exe, 00000012.00000002.3296341332.0000015AEAC13000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://services.addons.mozilla.org/api/v4/abuse/report/addon/firefox.exe, 00000010.00000002.3295483906.0000025621C80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3298093281.00000249D2930000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3296000356.0000015AEAB70000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%firefox.exe, 00000010.00000002.3295483906.0000025621C80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3298093281.00000249D2930000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3296000356.0000015AEAB70000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-ffirefox.exe, 00000010.00000002.3295483906.0000025621C80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3298093281.00000249D2930000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3296000356.0000015AEAB70000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://www.iqiyi.com/firefox.exe, 0000000E.00000003.2122598228.000002202DBE6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2106199226.000002202DBE6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2280446365.000002202DBE6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://youtube.com/account?=https://accounts.google.cofirefox.exe, 00000012.00000002.3295240956.0000015AEAB40000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_rfirefox.exe, 00000010.00000002.3295483906.0000025621C80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3298093281.00000249D2930000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3296000356.0000015AEAB70000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://monitor.firefox.com/user/breach-stats?includeResolved=truefirefox.exe, 00000010.00000002.3295483906.0000025621C80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3298093281.00000249D2930000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3296000356.0000015AEAB70000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-reportfirefox.exe, 00000010.00000002.3295483906.0000025621C80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3298093281.00000249D2930000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3296000356.0000015AEAB70000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  http://a9.com/-/spec/opensearch/1.0/firefox.exe, 0000000E.00000003.2294936408.0000022033656000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2119826704.0000022033675000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2108035549.000002202C167000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2277610282.000002203364E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYiprefs-1.js.14.drfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://safebrowsing.google.com/safebrowsing/diagnostic?site=firefox.exe, 00000010.00000002.3295483906.0000025621C80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3298093281.00000249D2930000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3296000356.0000015AEAB70000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://monitor.firefox.com/user/dashboardfirefox.exe, 00000010.00000002.3295483906.0000025621C80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3298093281.00000249D2930000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3296000356.0000015AEAB70000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_IDfirefox.exe, 00000010.00000002.3295483906.0000025621C80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3298093281.00000249D2930000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3296000356.0000015AEAB70000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            https://monitor.firefox.com/aboutfirefox.exe, 00000010.00000002.3295483906.0000025621C80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3298093281.00000249D2930000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3296000356.0000015AEAB70000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              http://mozilla.org/MPL/2.0/.firefox.exe, 0000000E.00000003.2250440026.000002202C5E0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2259618438.000002202C820000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2118429274.000002202BFE6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2234653949.000002202BF50000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2140241683.000002202C6BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2108406550.00000220285EC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2150299705.000002202C6BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2241787336.000002202BF38000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2240544463.0000022033578000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2223540961.00000220337CD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2134984665.000002202C6C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2116190189.00000220337CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2131017429.000002202C6C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2204652415.000002202C6BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2279118945.000002202EA5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2152106461.000002202C6BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2129269435.000002202C5D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 
0000000E.00000003.2088142380.000002202B6FB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2219906420.000002202B6F2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2263083302.000002202C87D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2133872961.000002202C6C1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                https://account.bellmedia.cfirefox.exe, 0000000E.00000003.2279118945.000002202EAC2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  high
                                                                                                                                                                                                                  https://login.microsoftonline.comfirefox.exe, 0000000E.00000003.2279118945.000002202EAC2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    high
                                                                                                                                                                                                                    https://coverage.mozilla.orgfirefox.exe, 00000010.00000002.3295483906.0000025621C80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3298093281.00000249D2930000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3296000356.0000015AEAB70000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                      high
                                                                                                                                                                                                                      http://crl.thawte.com/ThawteTimestampingCA.crl0gmpopenh264.dll.tmp.14.drfalse
                                                                                                                                                                                                                        high
                                                                                                                                                                                                                        http://x1.c.lencr.org/0firefox.exe, 0000000E.00000003.2240922053.0000022032F29000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2122178575.0000022032F2A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          high
                                                                                                                                                                                                                          http://x1.i.lencr.org/0firefox.exe, 0000000E.00000003.2240922053.0000022032F29000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2122178575.0000022032F2A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            high
                                                                                                                                                                                                                            http://a9.com/-/spec/opensearch/1.1/firefox.exe, 0000000E.00000003.2294936408.0000022033656000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2119826704.0000022033675000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2108035549.000002202C167000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2277610282.000002203364E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                              high
                                                                                                                                                                                                                              https://infra.spec.whatwg.org/#ascii-whitespacefirefox.exe, 0000000E.00000003.2228986161.0000022033034000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                high
                                                                                                                                                                                                                                https://blocked.cdn.mozilla.net/firefox.exe, 00000010.00000002.3295483906.0000025621C80000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3298093281.00000249D2930000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3296000356.0000015AEAB70000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                                  high
• No. of IPs < 25%
• 25% < No. of IPs < 50%
• 50% < No. of IPs < 75%
• 75% < No. of IPs

IP               Domain                                                      Country        ASN      ASN Name                                   Malicious
151.101.1.91     services.addons.mozilla.org                                 United States  54113    FASTLYUS                                   false
34.149.100.209   prod.remote-settings.prod.webservices.mozgcp.net            United States  2686     ATGS-MMD-ASUS                              false
34.107.243.93    push.services.mozilla.com                                   United States  15169    GOOGLEUS                                   false
34.107.221.82    prod.detectportal.prod.cloudops.mozgcp.net                  United States  15169    GOOGLEUS                                   false
35.244.181.201   prod.balrog.prod.cloudops.mozgcp.net                        United States  15169    GOOGLEUS                                   false
34.117.188.166   contile.services.mozilla.com                                United States  139070   GOOGLE-AS-APGoogleAsiaPacificPteLtdSG      false
35.201.103.21    normandy-cdn.services.mozilla.com                           United States  15169    GOOGLEUS                                   false
35.190.72.216    prod.classify-client.prod.webservices.mozgcp.net            United States  15169    GOOGLEUS                                   false
142.250.181.78   youtube.com                                                 United States  15169    GOOGLEUS                                   false
34.160.144.191   prod.content-signature-chains.prod.webservices.mozgcp.net   United States  2686     ATGS-MMD-ASUS                              false
34.120.208.123   telemetry-incoming.r53-2.services.mozilla.com               United States  15169    GOOGLEUS                                   false

IP
127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1578932
Start date and time: 2024-12-20 16:47:38 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 12s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 21
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: gTU8ed4669.exe (renamed because the original name is a hash value)
Original Sample Name: 2177e5dd54a3815b8535b4e6902c1777.exe
Detection: MAL
Classification: mal80.troj.evad.winEXE@34/34@68/12
EGA Information:
• Successful, ratio: 40%
HCA Information:
• Successful, ratio: 95%
• Number of executed functions: 50
                                                                                                                                                                                                                                                                          • Number of non-executed functions: 286
                                                                                                                                                                                                                                                                          Cookbook Comments:
                                                                                                                                                                                                                                                                          • Found application associated with file extension: .exe
                                                                                                                                                                                                                                                                          • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                                                                                                                                                                                                                                                          • Excluded IPs from analysis (whitelisted): 44.240.87.158, 44.228.225.150, 52.40.120.141, 172.217.17.46, 88.221.134.209, 88.221.134.155, 142.250.181.138, 23.218.208.109, 13.107.246.63, 20.12.23.50
                                                                                                                                                                                                                                                                          • Excluded domains from analysis (whitelisted): fs.microsoft.com, shavar.prod.mozaws.net, ciscobinary.openh264.org, slscr.update.microsoft.com, otelrules.azureedge.net, incoming.telemetry.mozilla.org, ctldl.windowsupdate.com, a17.rackcdn.com.mdc.edgesuite.net, detectportal.prod.mozaws.net, aus5.mozilla.org, fe3cr.delivery.mp.microsoft.com, a19.dscg10.akamai.net, ocsp.digicert.com, redirector.gvt1.com, safebrowsing.googleapis.com, location.services.mozilla.com
                                                                                                                                                                                                                                                                          • Execution Graph export aborted for target firefox.exe, PID 5652 because there are no executed function
                                                                                                                                                                                                                                                                          • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                                                                          • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                                                                                          • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                                                                                                                                          • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                                                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                                                                          • VT rate limit hit for: gTU8ed4669.exe
Time | Type | Description
10:48:36 | API Interceptor | 1x Sleep call for process: firefox.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name
34.117.188.166 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, zgRAT
34.117.188.166 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, Vidar
34.117.188.166 | ghostspider.7z | malicious | Unknown
34.117.188.166 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar
34.117.188.166 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, Vidar
34.117.188.166 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Xmrig
34.117.188.166 | file.exe | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, PureLog Stealer, Stealc
34.117.188.166 | do.ps1 | malicious | Unknown
34.117.188.166 | https://walli.shanga.co/image/view/?id=1375 | malicious | Unknown
34.117.188.166 | tightvnc-2.8.59-gpl-setup-64bit.msi | malicious | Unknown
151.101.1.91 | do.ps1 | malicious | Unknown
151.101.1.91 | P0HV8mjHS1.exe | malicious | Credential Flusher
151.101.1.91 | mdPov8VTwi.exe | malicious | Credential Flusher
151.101.1.91 | nmy4mJXEaz.exe | malicious | Credential Flusher
151.101.1.91 | file.exe | malicious | Credential Flusher
151.101.1.91 | file.exe | malicious | Credential Flusher
151.101.1.91 | file.exe | malicious | Credential Flusher
151.101.1.91 | file.exe | malicious | Credential Flusher
151.101.1.91 | file.exe | malicious | Credential Flusher
151.101.1.91 | file.exe | malicious | Credential Flusher
34.149.100.209 | ghostspider.7z | malicious | Unknown
34.149.100.209 | http://112.31.189.32:40158 | malicious | Mirai
34.149.100.209 | do.ps1 | malicious | Unknown
34.149.100.209 | https://walli.shanga.co/image/view/?id=1375 | malicious | Unknown
34.149.100.209 | tightvnc-2.8.59-gpl-setup-64bit.msi | malicious | Unknown
34.149.100.209 | kjDPynh9vQ.exe | malicious | Credential Flusher
34.149.100.209 | kjDPynh9vQ.exe | malicious | Credential Flusher
34.149.100.209 | fNlxQP0jBz.exe | malicious | Credential Flusher
34.149.100.209 | LbgqLv7gT7.exe | malicious | Credential Flusher
34.149.100.209 | fNlxQP0jBz.exe | malicious | Credential Flusher
Match | Associated Sample Name / URL | Detection | Threat Name | Context
example.org | ghostspider.7z | malicious | Unknown | 93.184.215.14
example.org | file.exe | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Xmrig | 93.184.215.14
example.org | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, Vidar | 93.184.215.14
example.org | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Xmrig | 93.184.215.14
example.org | file.exe | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, PureLog Stealer, Stealc | 93.184.215.14
example.org | do.ps1 | malicious | Unknown | 93.184.215.14
example.org | https://walli.shanga.co/image/view/?id=1375 | malicious | Unknown | 93.184.215.14
example.org | tightvnc-2.8.59-gpl-setup-64bit.msi | malicious | Unknown | 93.184.215.14
example.org | kjDPynh9vQ.exe | malicious | Credential Flusher | 93.184.215.14
example.org | kjDPynh9vQ.exe | malicious | Credential Flusher | 93.184.215.14
star-mini.c10r.facebook.com | https://click.pstmrk.it/3s/veed.io%2Fshare-video-link%3Ftoken%3DeyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MzQ2MzE2NDgsImlhdCI6MTczNDYzMDc0OCwic3ViIjoiZmY0NTdiM2MtYjI3MC00YzA0LWEwOTEtYjY3ZDJkOGQ3ZTU1Iiwicm9sZXMiOltdLCJraWQiOiJwcm9qZWN0cy92ZWVkLXByb2Qtc2VydmVyL2xvY2F0aW9ucy9ldXJvcGUtd2VzdDEva2V5UmluZ3MvdmVlZC1wcm9kLWtleXJpbmcvY3J5cHRvS2V5cy92ZWVkLXByb2QtandrLWtleS9jcnlwdG9LZXlWZXJzaW9ucy8xIiwiZmVhdHVyZXMiOnt9LCJzY29wZXMiOltdfQ.f-EtSCYYeQiR4cEb8w5ABF3koXpbxl8QeFIarADkLP6q32DzsnFZl76Y98Uad7M8RBPPuOQOV9SUbCY1hRa4IbqV9_4cTm0v7DuBTCKOZbHN1NiATZOGw2BzdEMqIEfnNo5A_H2_DLVQZLtd6sZzcRoNBzbmcq2_xlzWgmqIErGV0VYXIb-Vac1b-3wmAgIyE-VS7Cd5aHYtVyiV9T5HfrpjPl7-M6dLIaQqm6103z7gO_qoKow1qbFmNgGaUsQED1CHbqo-hCgXzib7NToyu0Qq4kSl-2NEzgLMKy1zFR2J0E0vr9FHirjR9fmmDF2nk76Ht8L2WbV-dRyXZBZaUikfojo56vYWI9cfSQrG_awuFNR0M1s6dpPwumDM8sXlMZYt4u5WZaNcRZynPHXeqNZcdwKhlZrFN0U3B3U7B69avz_FlMxw6Or_0aeJkUP5YZP3wH-IIbwwa6es37u8G7gWYINEfp-pJlKV7klV1CcskLf_53iNx7MtxgvAXLMNZJ2tnuxY8W6w_E-pchjpNP2I5NV2Ui2_bNSgl3kBuX3oWsX0m_wL3MZ39pE3paPp2FAIgQPpZ5a0BhmPYsMk2IPPel2dll8j1IYBwHsZ5a1IHsHA6gTMWkJl-uhAjN4mnXo7Om0NWRZvfFvatgA4YCoTXdntM31GIZxAyWF9a14%26postLoginUrl%3D%252Fview%252F3ab9b7be-178c-4289-b29e-75921856f7f5%252F/oMlP/0SC6AQ/AQ/15f5e010-d260-490a-9e5d-79f5643b5481/1/HSOO9aL291 | malicious | Unknown | 157.240.196.35
star-mini.c10r.facebook.com | ghostspider.7z | malicious | Unknown | 157.240.196.35
star-mini.c10r.facebook.com | http://112.31.189.32:40158 | malicious | Mirai | 157.240.196.35
star-mini.c10r.facebook.com | file.exe | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Xmrig | 157.240.196.35
star-mini.c10r.facebook.com | http://mee6.xyz | malicious | Unknown | 157.240.196.35
star-mini.c10r.facebook.com | https://www.grapevine.org/join/next-gen-giving-circle-dc | malicious | Unknown | 157.240.196.35
star-mini.c10r.facebook.com | http://johnlewispartners.shop | malicious | Unknown | 157.240.196.35
star-mini.c10r.facebook.com | do.ps1 | malicious | Unknown | 157.240.196.35
star-mini.c10r.facebook.com | YF3YnL4ksc.exe | malicious | Unknown |
                                                                                                                                                                                                                                                                                                                                      • 31.13.88.35
                                                                                                                                                                                                                                                                                                                                      YF3YnL4ksc.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                      • 157.240.196.35
                                                                                                                                                                                                                                                                                                                                      twitter.comghostspider.7zGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                      • 104.244.42.1
                                                                                                                                                                                                                                                                                                                                      http://112.31.189.32:40158Get hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                                                      • 104.244.42.193
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, XmrigBrowse
                                                                                                                                                                                                                                                                                                                                      • 104.244.42.193
                                                                                                                                                                                                                                                                                                                                      do.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                      • 104.244.42.129
                                                                                                                                                                                                                                                                                                                                      https://walli.shanga.co/image/view/?id=1375Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                      • 104.244.42.193
Match | Associated Sample Name / URL | Detection | Threat Name | Context
FASTLYUS | https://dnearymedahealthstaffing.wordpress.com/medahealthstaffing-proposal/ | malicious | HTMLPhisher | 151.101.194.137
| http://northwesthousingservices.discussripped.com | malicious | HTMLPhisher | 151.101.66.137
| mniscreenthinkinggoodforentiretimegoodfotbusubessthings.hta | malicious | Cobalt Strike | 151.101.1.137
| 58VSNPxrI4.exe | malicious | Unknown | 185.199.108.133
| https://postoffice.adobe.com/po-server/link/redirect?target=eyJhbGciOiJIUzUxMiJ9.eyJ0ZW1wbGF0ZSI6ImNjX2NvbGxhYl9kY3NoYXJpbmdfdmlld19lbWFpbCIsImVtYWlsQWRkcmVzcyI6ImJyaWFuLmh1dGNoaW5zQHJpdmVycm9jay5jb20iLCJyZXF1ZXN0SWQiOiJhYzIxMDNjZS03NDZkLTRmMTctNjBkYi00MzM5OWU3NzU5NGEiLCJsaW5rIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9pZC91cm46YWFpZDpzYzpWQTZDMjplOTgwMjRmZi03NGRmLTRlNjctYjJkZi0wNWY0NTk4MTc4OWUiLCJsYWJlbCI6IjExIiwibG9jYWxlIjoicHRfQlIifQ.GzFDC4sqpVLEAHwIPLSleF4_d0iUGb4--dg-spPTHWsUGjt086-aN6bs1cEm-BfvTqQu97RqT5NU-RFwvTkvTA | malicious | Unknown | 151.101.1.138
| Invoice for 04-09-24 fede39.admr.org.html | malicious | Unknown | 151.101.1.229
| https://alphaarchitect.com/2024/12/long-term-expected-returns/ | malicious | Unknown | 199.232.168.157
| Ocean-T2I4I8O9.exe | malicious | Unknown | 185.199.108.153
| https://click.pstmrk.it/3s/veed.io%2Fshare-video-link%3Ftoken%3DeyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MzQ2MzE2NDgsImlhdCI6MTczNDYzMDc0OCwic3ViIjoiZmY0NTdiM2MtYjI3MC00YzA0LWEwOTEtYjY3ZDJkOGQ3ZTU1Iiwicm9sZXMiOltdLCJraWQiOiJwcm9qZWN0cy92ZWVkLXByb2Qtc2VydmVyL2xvY2F0aW9ucy9ldXJvcGUtd2VzdDEva2V5UmluZ3MvdmVlZC1wcm9kLWtleXJpbmcvY3J5cHRvS2V5cy92ZWVkLXByb2QtandrLWtleS9jcnlwdG9LZXlWZXJzaW9ucy8xIiwiZmVhdHVyZXMiOnt9LCJzY29wZXMiOltdfQ.f-EtSCYYeQiR4cEb8w5ABF3koXpbxl8QeFIarADkLP6q32DzsnFZl76Y98Uad7M8RBPPuOQOV9SUbCY1hRa4IbqV9_4cTm0v7DuBTCKOZbHN1NiATZOGw2BzdEMqIEfnNo5A_H2_DLVQZLtd6sZzcRoNBzbmcq2_xlzWgmqIErGV0VYXIb-Vac1b-3wmAgIyE-VS7Cd5aHYtVyiV9T5HfrpjPl7-M6dLIaQqm6103z7gO_qoKow1qbFmNgGaUsQED1CHbqo-hCgXzib7NToyu0Qq4kSl-2NEzgLMKy1zFR2J0E0vr9FHirjR9fmmDF2nk76Ht8L2WbV-dRyXZBZaUikfojo56vYWI9cfSQrG_awuFNR0M1s6dpPwumDM8sXlMZYt4u5WZaNcRZynPHXeqNZcdwKhlZrFN0U3B3U7B69avz_FlMxw6Or_0aeJkUP5YZP3wH-IIbwwa6es37u8G7gWYINEfp-pJlKV7klV1CcskLf_53iNx7MtxgvAXLMNZJ2tnuxY8W6w_E-pchjpNP2I5NV2Ui2_bNSgl3kBuX3oWsX0m_wL3MZ39pE3paPp2FAIgQPpZ5a0BhmPYsMk2IPPel2dll8j1IYBwHsZ5a1IHsHA6gTMWkJl-uhAjN4mnXo7Om0NWRZvfFvatgA4YCoTXdntM31GIZxAyWF9a14%26postLoginUrl%3D%252Fview%252F3ab9b7be-178c-4289-b29e-75921856f7f5%252F/oMlP/0SC6AQ/AQ/15f5e010-d260-490a-9e5d-79f5643b5481/1/HSOO9aL291 | malicious | Unknown | 199.232.168.157
| https://p.placed.com/api/v2/sync/impression?partner=barkley&plaid=0063o000014sWgoAAE&version=1.0&payload_campaign_identifier=71700000100870630&payload_timestamp=5943094174221506287&payload_type=impression&redirect=http%3A%2F%2Fgoogle.com%2Famp%2Fs%2Fgoal.com.co%2Fwp%2Fpayment | malicious | HTMLPhisher | 151.101.2.137
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | 58VSNPxrI4.exe | malicious | Unknown | 34.117.59.81
| file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, zgRAT | 34.117.188.166
| file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, Vidar | 34.117.188.166
| ghostspider.7z | malicious | Unknown | 34.117.188.166
| file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | 34.117.188.166
| https://pdf.ac/3eQ2md | malicious | HTMLPhisher, Tycoon2FA | 34.117.39.58
| http://112.31.189.32:40158 | malicious | Mirai | 34.117.121.53
| file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, Vidar | 34.117.188.166
| arm7.nn.elf | malicious | Mirai, Okiru | 34.67.216.185
| main1.bat | malicious | Abobus Obfuscator | 34.117.59.81
ATGS-MMD-ASUS | mniscreenthinkinggoodforentiretimegoodfotbusubessthings.hta | malicious | Cobalt Strike | 57.129.55.225
| nshmpsl.elf | malicious | Mirai | 51.173.247.160
| nsharm5.elf | malicious | Mirai | 34.0.71.142
| nshsh4.elf | malicious | Mirai | 48.200.113.249
| SWIFT.xls | malicious | Unknown | 57.129.55.225
| hmips.elf | malicious | Mirai | 51.238.254.102
| SWIFT.xls | malicious | Unknown | 57.129.55.225
| arm7.elf | malicious | Mirai | 57.50.158.22
| nsharm.elf | malicious | Mirai | 33.241.131.44
| la.bot.powerpc.elf | malicious | Mirai | 56.198.189.231
Associated Sample Name / URL | Detection | Threat Name | Context
file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, zgRAT
  • 35.244.181.201
  • 34.149.100.209
  • 34.160.144.191
  • 34.120.208.123
  • 151.101.1.91
ghostspider.7z | malicious | Unknown
  • 35.244.181.201
  • 34.149.100.209
  • 34.160.144.191
  • 34.120.208.123
  • 151.101.1.91
file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, Vidar
  • 35.244.181.201
  • 34.149.100.209
  • 34.160.144.191
  • 34.120.208.123
  • 151.101.1.91
file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Xmrig
  • 35.244.181.201
  • 34.149.100.209
  • 34.160.144.191
  • 34.120.208.123
  • 151.101.1.91
file.exe | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, PureLog Stealer, Stealc
  • 35.244.181.201
  • 34.149.100.209
  • 34.160.144.191
  • 34.120.208.123
  • 151.101.1.91
do.ps1 | malicious | Unknown
  • 35.244.181.201
  • 34.149.100.209
  • 34.160.144.191
  • 34.120.208.123
  • 151.101.1.91
https://walli.shanga.co/image/view/?id=1375 | malicious | Unknown
  • 35.244.181.201
  • 34.149.100.209
  • 34.160.144.191
  • 34.120.208.123
  • 151.101.1.91
tightvnc-2.8.59-gpl-setup-64bit.msi | malicious | Unknown
  • 35.244.181.201
  • 34.149.100.209
  • 34.160.144.191
  • 34.120.208.123
  • 151.101.1.91
kjDPynh9vQ.exe | malicious | Credential Flusher
  • 35.244.181.201
  • 34.149.100.209
  • 34.160.144.191
  • 34.120.208.123
  • 151.101.1.91
kjDPynh9vQ.exe | malicious | Credential Flusher
  • 35.244.181.201
  • 34.149.100.209
  • 34.160.144.191
  • 34.120.208.123
  • 151.101.1.91
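The context table above pairs the same five IPs with every correlated sample, including four rows whose Threat Name is Unknown, while the two Mirai rows each carry a single IP seen nowhere else. Before turning any of these into a blocklist or hunting pivot, it helps to measure how tightly each IP is bound to a family. The Python below is an added example, not part of the Joe Sandbox report: it transcribes the rows shown above into a constructed table and labels each IP "pivot" or "shared" by family spread. The labels, the `max_families` threshold and the treatment of Unknown as "unattributed" are this example's own conventions.

```python
"""Prevalence of context IPs across the samples correlated with this report.

Rows are transcribed from the report's context table; the 'pivot'/'shared'
labels and the threshold are this example's own conventions, not Joe Sandbox's.
"""
from collections import defaultdict

# Context IPs listed for every sample in the second half of the table above.
SHARED_CONTEXT = [
    "35.244.181.201", "34.149.100.209", "34.160.144.191",
    "34.120.208.123", "151.101.1.91",
]

# (sample name / URL, "Threat Name" cell as printed, context IPs)
ROWS = [
    ("nsharm.elf", "Mirai", ["33.241.131.44"]),
    ("la.bot.powerpc.elf", "Mirai", ["56.198.189.231"]),
    ("file.exe", "LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, zgRAT", SHARED_CONTEXT),
    ("ghostspider.7z", "Unknown", SHARED_CONTEXT),
    ("file.exe", "LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, Vidar", SHARED_CONTEXT),
    ("file.exe", "LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Xmrig", SHARED_CONTEXT),
    ("file.exe", "LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, PureLog Stealer, Stealc", SHARED_CONTEXT),
    ("do.ps1", "Unknown", SHARED_CONTEXT),
    ("https://walli.shanga.co/image/view/?id=1375", "Unknown", SHARED_CONTEXT),
    ("tightvnc-2.8.59-gpl-setup-64bit.msi", "Unknown", SHARED_CONTEXT),
    ("kjDPynh9vQ.exe", "Credential Flusher", SHARED_CONTEXT),
    ("kjDPynh9vQ.exe", "Credential Flusher", SHARED_CONTEXT),
]

UNATTRIBUTED = "Unknown"  # the report's label when no family was assigned


def split_threats(column: str) -> list:
    """Split the comma-separated 'Threat Name' cell into individual family names."""
    return [name.strip() for name in column.split(",") if name.strip()]


def ip_prevalence(rows) -> dict:
    """For each context IP: how many rows list it and which families it co-occurs with."""
    stats = defaultdict(lambda: {"samples": 0, "threats": set()})
    for _name, threat_cell, ips in rows:
        families = split_threats(threat_cell)
        for ip in ips:
            stats[ip]["samples"] += 1
            stats[ip]["threats"].update(families)
    return {ip: {"samples": s["samples"], "threats": sorted(s["threats"])}
            for ip, s in stats.items()}


def classify_ips(rows, max_families: int = 2) -> dict:
    """Label each IP 'pivot' or 'shared'.

    'shared': the IP also appears in rows the sandbox could not attribute
    (Threat Name == Unknown) or co-occurs with more than max_families
    distinct families, so on its own it is weak evidence and a poor
    blocklist entry.  'pivot': bound to at most max_families families and
    never seen in an unattributed row, so it is worth hunting on.
    """
    labels = {}
    for ip, info in ip_prevalence(rows).items():
        families = set(info["threats"])
        if UNATTRIBUTED in families or len(families) > max_families:
            labels[ip] = "shared"
        else:
            labels[ip] = "pivot"
    return labels


if __name__ == "__main__":
    prevalence = ip_prevalence(ROWS)
    for ip, label in sorted(classify_ips(ROWS).items(), key=lambda kv: kv[1]):
        info = prevalence[ip]
        print(f"{ip:16} {label:6} rows={info['samples']:2} families={len(info['threats'])}")
```

Run as-is to see the two Mirai IPs come out as "pivot" and the five repeated IPs as "shared": each of those five sits in ten rows spanning eleven distinct family labels plus Unknown, which is the signature of infrastructure that many unrelated analyses touch, not of this sample's command-and-control.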
Match | Associated Sample Name / URL | Detection | Threat Name
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
  • ghostspider.7z | malicious | Unknown
  • do.ps1 | malicious | Unknown
  • https://walli.shanga.co/image/view/?id=1375 | malicious | Unknown
  • tightvnc-2.8.59-gpl-setup-64bit.msi | malicious | Unknown
  • kjDPynh9vQ.exe | malicious | Credential Flusher
  • kjDPynh9vQ.exe | malicious | Credential Flusher
  • fNlxQP0jBz.exe | malicious | Credential Flusher
  • LbgqLv7gT7.exe | malicious | Credential Flusher
  • fNlxQP0jBz.exe | malicious | Credential Flusher
  • LbgqLv7gT7.exe | malicious | Credential Flusher
Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: JSON data
Category: dropped
Size (bytes): 7813
Entropy (8bit): 5.178082351681006
Encrypted: false
SSDEEP: 192:cKMX2wjcbhbVbTbfbRbObtbyEl7ncrpJA6wnSrDtTkd/SC:cPrcNhnzFSJ8rEjnSrDhkd/j
MD5: 0C05D686DEAC57F8A094E01DFE0BD19F
SHA1: 93027490CB2D25907ABAAB931D94646FBF615A6C
SHA-256: D52AD067D65427C52708B01B7099D1350AA03D90DDB552A77BF15CF7C8E8EFD0
SHA-512: E5263C8E80F95A33B1172D1B500D0F1326D036A21C9F84A8FD19E3C73ABB973D4DB18B204C2273B09E3836E2A6612925FAA69BF34EBECDA70B36D3C9460FBD13
Malicious: false
Preview: {"type":"uninstall","id":"ad34b7d0-5e65-4be7-8a59-e58b50402c11","creationDate":"2024-12-20T17:31:32.057Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"1fca7bd2-7b44-4c45-b0ea-e0486850ce95","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I
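The dropped-file block above is a fixed set of fields (size, 8-bit entropy, MD5, SHA1, SHA-256, SHA-512) that the sandbox computes per artifact; the same fields are what an analyst recomputes when a file recovered from a host has to be matched against a report. The Python below is an added example and not Joe Sandbox code: it recomputes those fields for a byte string and diffs them against a record of reported values. `REPORTED_UNINSTALL_PING` copies the numbers from the block above; the entropy tolerance and the field names are this example's assumptions, and SSDEEP is left out because it needs a third-party library.

```python
"""Recompute the per-file fingerprint fields a sandbox report lists for a
dropped file and diff them against the reported values.

Added example; field names mirror the report's labels, the entropy
tolerance is an assumption of this example.
"""
import hashlib
import math
import sys
from collections import Counter


def shannon_entropy_8bit(data: bytes) -> float:
    """Shannon entropy in bits per byte over the byte-value histogram (0.0 .. 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def fingerprint(data: bytes) -> dict:
    """Produce the same fields as the report's dropped-file block (hashes upper-cased like the report)."""
    return {
        "Size (bytes)": len(data),
        "Entropy (8bit)": shannon_entropy_8bit(data),
        "MD5": hashlib.md5(data).hexdigest().upper(),
        "SHA1": hashlib.sha1(data).hexdigest().upper(),
        "SHA-256": hashlib.sha256(data).hexdigest().upper(),
        "SHA-512": hashlib.sha512(data).hexdigest().upper(),
    }


def diff_against_report(data: bytes, reported: dict, entropy_tol: float = 1e-6) -> list:
    """Return the names of reported fields whose recomputed value differs.

    Hash comparison is case-insensitive; entropy is compared within
    entropy_tol because the report prints a rounded float.  A field the
    recomputation does not produce (e.g. SSDEEP) is reported as a mismatch
    rather than silently skipped.
    """
    actual = fingerprint(data)
    mismatches = []
    for field, want in reported.items():
        have = actual.get(field)
        if have is None:
            mismatches.append(field)
        elif field == "Entropy (8bit)":
            if abs(float(have) - float(want)) > entropy_tol:
                mismatches.append(field)
        elif isinstance(have, str):
            if have.lower() != str(want).lower():
                mismatches.append(field)
        elif have != want:
            mismatches.append(field)
    return mismatches


# Values copied from the report's block for the Firefox uninstall-ping JSON.
REPORTED_UNINSTALL_PING = {
    "Size (bytes)": 7813,
    "Entropy (8bit)": 5.178082351681006,
    "MD5": "0C05D686DEAC57F8A094E01DFE0BD19F",
    "SHA1": "93027490CB2D25907ABAAB931D94646FBF615A6C",
    "SHA-256": "D52AD067D65427C52708B01B7099D1350AA03D90DDB552A77BF15CF7C8E8EFD0",
    "SHA-512": "E5263C8E80F95A33B1172D1B500D0F1326D036A21C9F84A8FD19E3C73ABB973D4DB18B204C2273B09E3836E2A6612925FAA69BF34EBECDA70B36D3C9460FBD13",
}


if __name__ == "__main__":
    # Usage: python fingerprint.py <path-to-recovered-file>
    with open(sys.argv[1], "rb") as fh:
        blob = fh.read()
    for field, value in fingerprint(blob).items():
        print(f"{field}: {value}")
    bad = diff_against_report(blob, REPORTED_UNINSTALL_PING)
    print("matches report" if not bad else f"differs in: {', '.join(bad)}")
```

Point it at a file recovered from the profile directory to confirm it is byte-identical to what the sandbox saw; a size match with a hash mismatch usually means a re-written telemetry ping rather than the same artifact.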

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):7813
Entropy (8bit):5.178082351681006
Encrypted:false
SSDEEP:192:cKMX2wjcbhbVbTbfbRbObtbyEl7ncrpJA6wnSrDtTkd/SC:cPrcNhnzFSJ8rEjnSrDhkd/j
MD5:0C05D686DEAC57F8A094E01DFE0BD19F
SHA1:93027490CB2D25907ABAAB931D94646FBF615A6C
SHA-256:D52AD067D65427C52708B01B7099D1350AA03D90DDB552A77BF15CF7C8E8EFD0
SHA-512:E5263C8E80F95A33B1172D1B500D0F1326D036A21C9F84A8FD19E3C73ABB973D4DB18B204C2273B09E3836E2A6612925FAA69BF34EBECDA70B36D3C9460FBD13
Malicious:false
Preview:{"type":"uninstall","id":"ad34b7d0-5e65-4be7-8a59-e58b50402c11","creationDate":"2024-12-20T17:31:32.057Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"1fca7bd2-7b44-4c45-b0ea-e0486850ce95","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
Category:dropped
Size (bytes):32768
Entropy (8bit):0.4593089050301797
Encrypted:false
SSDEEP:48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
MD5:D910AD167F0217587501FDCDB33CC544
SHA1:2F57441CEFDC781011B53C1C5D29AC54835AFC1D
SHA-256:E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
SHA-512:F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
Malicious:false
Preview:... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
Category:dropped
Size (bytes):453023
Entropy (8bit):7.997718157581587
Encrypted:true
SSDEEP:12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
MD5:85430BAED3398695717B0263807CF97C
SHA1:FFFBEE923CEA216F50FCE5D54219A188A5100F41
SHA-256:A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
SHA-512:06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
Malicious:false
Preview:PK.........bN...R..........gmpopenh264.dll..|.E.0.=..I.....1....4f1q.`.........q.....'+....h*m{.z..o_.{w........$..($A!...|L...B&A2.s.{..Dd......c.U.U..9u.S...K.l`...../.d.-....|.....&....9......wn..x......i.#O.+.Y.l......+....,3.3f..\..c.SSS,............N...GG...F.'.&.:'.K.Z&.>.@.g..M...M.`...*.........ZR....^jg.G.Kb.o~va.....<Z..1.#.O.e.....D..X..i..$imBW..Q&.......P.....,M.,..:.c...-...\......*.....-i.K.I..4.a..6..*...Ov=...W..F.CH.>...a.'.x...#@f...d..u.1....OV.1o}....g.5.._.3.J.Hi.Z.ipM....b.Z....%.G..F................/..3.q..J.....o...%.g.N.*.}..).3.N%.!..q*........^I.m..~...6.#.~+.....A...I]r...x..*.<IYj....p0..`S.M@.E..f.=.;!.@.....E..E....... .0.n....Jd..d......uM.-.qI.lR..z..=}..r.D.XLZ....x.$..|c.1.cUkM.&.Qn]..a]t.h..*.!.6 7..Jd.DvKJ"Wgd*%n...w...Jni.inmr.@M.$'Z.s....#)%..Rs..:.h....R....\..t.6..'.g.........Uj+F.cr:|..!..K.W.Y...17......,....r.....>.N..3.R.Y.._\...Ir.DNJdM... .k...&V-....z.%...-...D..i..&...6....7.2T).>..0..%.&.

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):3621
Entropy (8bit):4.926688184128916
Encrypted:false
SSDEEP:48:YnSwkmrOVPUFRbOdwNIOdoWLEWLtkDZuwpx5FBvipA6kb92the6LuhakNYd9p3xE:8S+OVPUFRbOdwNIOdYpjvY1Q6Lz/8P
MD5:1A04D7CCDAA5CD6DD9C843D4F3E81860
SHA1:70AB22521BB81B32091F5E35EE22A3DE382A6D25
SHA-256:F55D501648CC19E7BBD1FA01B3D6FB5FCA9AAA822DC75F923EB954F4D12BB675
SHA-512:E0D5A6FEF46D09D14107254355DE52FE82FD730B4E3350570B483EF7624F448232DB9E84BD093ED158DC33C7D950DFA14F7FF6F1EB424259F8069E72EAA19B14
Malicious:false
Preview:{"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"3ba649bc-be47-4b92-8762-21cab57bda3b","experimentType":"rollout","source":"rs-loader","userFacingName":"CSV Import (Release Rollout)","userFacingDescription":"This rollout enables users to import logins from a CSV file from the about:logins page.","lastSeen":"2023-10-04T13:40:33.697Z","featureIds":["cm-csv-import"],"prefs":[{"name":"signon.management.page.fileImport.enabled","branch":"default","featureId":"cm-csv-import","variable":"csvImport","originalValue":false}],"isRollout":true},"serp-ad-telemetry-rollout":{"slug":"serp-ad-telemetry-rollout","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pr

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):3621
Entropy (8bit):4.926688184128916
Encrypted:false
SSDEEP:48:YnSwkmrOVPUFRbOdwNIOdoWLEWLtkDZuwpx5FBvipA6kb92the6LuhakNYd9p3xE:8S+OVPUFRbOdwNIOdYpjvY1Q6Lz/8P
MD5:1A04D7CCDAA5CD6DD9C843D4F3E81860
SHA1:70AB22521BB81B32091F5E35EE22A3DE382A6D25
SHA-256:F55D501648CC19E7BBD1FA01B3D6FB5FCA9AAA822DC75F923EB954F4D12BB675
SHA-512:E0D5A6FEF46D09D14107254355DE52FE82FD730B4E3350570B483EF7624F448232DB9E84BD093ED158DC33C7D950DFA14F7FF6F1EB424259F8069E72EAA19B14
Malicious:false
Preview:{"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"3ba649bc-be47-4b92-8762-21cab57bda3b","experimentType":"rollout","source":"rs-loader","userFacingName":"CSV Import (Release Rollout)","userFacingDescription":"This rollout enables users to import logins from a CSV file from the about:logins page.","lastSeen":"2023-10-04T13:40:33.697Z","featureIds":["cm-csv-import"],"prefs":[{"name":"signon.management.page.fileImport.enabled","branch":"default","featureId":"cm-csv-import","variable":"csvImport","originalValue":false}],"isRollout":true},"serp-ad-telemetry-rollout":{"slug":"serp-ad-telemetry-rollout","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pr

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:Mozilla lz4 compressed data, originally 22422 bytes
Category:dropped
Size (bytes):5308
Entropy (8bit):6.599374203470186
Encrypted:false
SSDEEP:96:z2YbKsKNU2xWrp327tGmD4wBON6h6cHAHJVauvjZHjkTymdS1/qTMg6Uhm:zTx2x2t0FDJ4NpkuvjdeplTMohm
MD5:EB56C2F4DA9435F3D5574161F414CD17
SHA1:74A8FC3EC0559740FD9D835B638354985E2DEAB6
SHA-256:394E803D5FF8E156DFA7D15E96B51A683F4624A1BCF88EAA532399AC2C9B0966
SHA-512:DF90568D191C757392FB85BDDA5333C7FE7E3BB370C5DE8C50DD810B938D732E39B5608FB4494CAADAE99E1601989FDFC0FEBDCF70F27FFE581F904170A81E0F
Malicious:false
Preview:mozLz40..W....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."*://login.microsoftonline.com/*","..@us/*L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay*....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):24
Entropy (8bit):3.91829583405449
Encrypted:false
SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
MD5:3088F0272D29FAA42ED452C5E8120B08
SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
Malicious:false
Preview:{"schema":6,"addons":[]}
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:SQLite 3.x database, user version 5, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 8, cookie 0x6, schema 4, largest root page 8, UTF-8, vacuum mode 1, version-valid-for 4
Category:dropped
Size (bytes):262144
Entropy (8bit):0.04905141882491872
Encrypted:false
SSDEEP:24:DLSvwae+Q8Uu50xj0aWe9LxYkKA25Q5tvAA:DKwae+QtMImelekKDa5
MD5:8736A542C5564A922C47B19D9CC5E0F2
SHA1:CE9D58967DA9B5356D6C1D8A482F9CE74DA9097A
SHA-256:97CE5D8AFBB0AA610219C4FAC3927E32C91BFFD9FD971AF68C718E7B27E40077
SHA-512:99777325893DC7A95FD49B2DA18D32D65F97CC7A8E482D78EDC32F63245457FA5A52750800C074D552D20B6A215604161FDC88763D93C76A8703470C3064196B
Malicious:false
Preview:SQLite format 3......@ ..........................................................................j......|....~.}.}z}-|.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:Mozilla lz4 compressed data, originally 56 bytes
Category:dropped
Size (bytes):66
Entropy (8bit):4.837595020998689
Encrypted:false
SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
Malicious:false
Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
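The two "Mozilla lz4 compressed data" entries above (the 5308-byte file that unpacks to 22422 bytes and the 66-byte file that unpacks to 56 bytes) are Firefox mozLz4 files: an 8-byte magic ("mozLz40" plus a NUL byte), a 32-bit little-endian decompressed size, then a single raw LZ4 block with no LZ4 frame around it. The previews fit that layout: the "W" right after the first file's magic is 0x57, the second byte of 22422 (0x5796) in little-endian order, and the "8" in the second file is 0x38 = 56. Analysts pulling these profile artifacts out of a sandbox run need to decode them before the JSON can be read; the decoder below is an added example and is not part of the Joe Sandbox report. The format layout is stated from my own knowledge of mozLz4, and SAMPLE_FILE is a hand-encoded reconstruction of the 66-byte entry built from the JSON visible in its preview: it matches the report's sizes and preview but is not guaranteed byte-identical to the dropped file, so the script only prints whether its MD5 equals the A6338865EB252D0EF8FCF11FA9AF3F0D the report lists.

```python
"""Decode Firefox mozLz4 profile files like the ones listed above.

Added example, not part of the Joe Sandbox report. Assumed layout (mozLz4):
8-byte magic "mozLz40" + NUL, 32-bit little-endian decompressed size, then
one raw LZ4 block. SAMPLE_FILE is a hand-built reconstruction of the 66-byte
entry, not bytes copied from the dropped file.
"""
import hashlib
import json
import struct

MOZLZ4_MAGIC = b"mozLz40\0"
HEADER_LEN = 12
REPORT_MD5 = "A6338865EB252D0EF8FCF11FA9AF3F0D"  # MD5 the report lists for the 66-byte file


def _length(src, pos, base):
    """LZ4 length extension: a nibble of 15 is followed by bytes that are added
    up until one is below 255. Returns (length, new position)."""
    if base < 15:
        return base, pos
    while True:
        if pos >= len(src):
            raise ValueError("truncated length field")
        b = src[pos]
        pos += 1
        base += b
        if b != 255:
            return base, pos


def lz4_block_decompress(src: bytes, expected_size: int) -> bytes:
    """Minimal pure-Python LZ4 block decoder with bounds checks.

    A sequence is: token | extra literal length | literals | 2-byte LE offset |
    extra match length. The final sequence carries literals only.
    """
    out = bytearray()
    pos, n = 0, len(src)
    while pos < n:
        token = src[pos]
        pos += 1
        lit_len, pos = _length(src, pos, token >> 4)
        if pos + lit_len > n:
            raise ValueError("literal run overflows block")
        out += src[pos:pos + lit_len]
        pos += lit_len
        if pos >= n:                       # end of block: no match follows
            break
        if pos + 2 > n:
            raise ValueError("truncated match offset")
        offset = src[pos] | (src[pos + 1] << 8)
        pos += 2
        if offset == 0 or offset > len(out):
            raise ValueError(f"bad match offset {offset} at output {len(out)}")
        match_len, pos = _length(src, pos, token & 0x0F)
        match_len += 4                     # minimum match length is 4
        start = len(out) - offset
        for i in range(match_len):         # byte-wise: a match may overlap its own output
            out.append(out[start + i])
        if len(out) > expected_size:
            raise ValueError("output exceeds declared size")
    if len(out) != expected_size:
        raise ValueError(f"declared {expected_size} bytes, decoded {len(out)}")
    return bytes(out)


def mozlz4_decompress(data: bytes) -> bytes:
    """Check the mozLz40 header and return the decompressed payload."""
    if len(data) < HEADER_LEN or data[:8] != MOZLZ4_MAGIC:
        raise ValueError("not a mozLz40 file")
    (orig_size,) = struct.unpack_from("<I", data, 8)
    return lz4_block_decompress(data[HEADER_LEN:], orig_size)


def mozlz4_load_json(data: bytes) -> dict:
    """Decompress and parse the JSON Firefox keeps in these files."""
    return json.loads(mozlz4_decompress(data).decode("utf-8"))


# Constructed sample: the 56-byte JSON shown in the 66-byte entry's preview,
# LZ4-encoded by hand. 0xF4 = literal nibble 15 (+0x11 extra = 32 literals)
# and match nibble 4 (4+4 = 8 bytes); offset 0x0011 points 17 bytes back to
# the earlier '":{},"co'; 0xF0 0x01 = 16 trailing literals. These offset and
# token bytes are the unprintable dots after "countsByDay" in the preview.
SAMPLE_JSON = b'{"v":1,"crashes":{},"countsByDay":{},"corruptDate":null}'
SAMPLE_BLOCK = (b"\xf4\x11" + SAMPLE_JSON[:32]
                + b"\x11\x00"
                + b"\xf0\x01" + SAMPLE_JSON[40:])
SAMPLE_FILE = MOZLZ4_MAGIC + struct.pack("<I", len(SAMPLE_JSON)) + SAMPLE_BLOCK


def matches_report_hash(data: bytes) -> bool:
    """True only if the reconstruction is byte-identical to the dropped file."""
    return hashlib.md5(data).hexdigest().upper() == REPORT_MD5


if __name__ == "__main__":
    declared = struct.unpack_from("<I", SAMPLE_FILE, 8)[0]
    print(len(SAMPLE_FILE), "bytes on disk,", declared, "bytes declared")
    print(mozlz4_load_json(SAMPLE_FILE))
    print("MD5 matches the report:", matches_report_hash(SAMPLE_FILE))
```

Point mozlz4_load_json at the real dropped file to read it; the size check against the declared length and the offset check guard against a crafted file that claims a small size but references data it never wrote. A hash match proves the reconstruction is byte-exact; a mismatch only means Firefox's encoder chose a different tokenization of the same JSON. If python-lz4 is installed, lz4.block.decompress(data[12:], uncompressed_size=n) replaces the hand-written decoder.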
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:Mozilla lz4 compressed data, originally 56 bytes
Category:dropped
Size (bytes):66
Entropy (8bit):4.837595020998689
Encrypted:false
SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                                                                                                                                                                                                                                                                                                          SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                          Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
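The two records above are Firefox's mozLz4 container: the 8-byte magic `mozLz40\0`, a 4-byte little-endian decompressed size, then one raw LZ4 block. That layout is visible in the preview: the `8` right after the magic is the size byte, because the "originally 56 bytes" from the file-type line is 0x38, which is ASCII `8`. The Python below is an added example, not part of the Joe Sandbox report, that unwraps such a file with the standard library only and computes the same 8-bit Shannon entropy the report lists per file. The input blob is hand-constructed (one literal run, one overlapping back-reference, one trailing literal) and is not the dropped file's bytes, which the report shows only truncated.

```python
import math
import struct

# Firefox's mozLz4 container: 8-byte magic, u32 LE decompressed size, one raw LZ4 block.
MOZLZ4_MAGIC = b"mozLz40\0"


def lz4_block_decompress(src: bytes, expected_size: int) -> bytes:
    """Decode one raw LZ4 block (sequences of literals followed by back-references)."""
    out = bytearray()
    n = len(src)
    pos = 0
    while pos < n:
        token = src[pos]
        pos += 1
        # literal length: high nibble; 15 means "keep adding bytes until one != 255"
        lit_len = token >> 4
        if lit_len == 15:
            while True:
                if pos >= n:
                    raise ValueError("truncated literal length")
                extra = src[pos]
                pos += 1
                lit_len += extra
                if extra != 255:
                    break
        if pos + lit_len > n:
            raise ValueError("truncated literals")
        out += src[pos:pos + lit_len]
        pos += lit_len
        if pos >= n:
            break  # the last sequence carries literals only, no match
        if pos + 2 > n:
            raise ValueError("truncated match offset")
        offset = src[pos] | (src[pos + 1] << 8)
        pos += 2
        if offset == 0 or offset > len(out):
            raise ValueError("match offset points outside decoded data")
        # match length: low nibble + 4 (minimum match), same extension scheme
        match_len = (token & 0x0F) + 4
        if (token & 0x0F) == 15:
            while True:
                if pos >= n:
                    raise ValueError("truncated match length")
                extra = src[pos]
                pos += 1
                match_len += extra
                if extra != 255:
                    break
        if len(out) + match_len > expected_size:
            raise ValueError("block expands past the declared size")
        # copy one byte at a time: offset < match_len (overlapping copy) is legal LZ4
        start = len(out) - offset
        for i in range(match_len):
            out.append(out[start + i])
    if len(out) != expected_size:
        raise ValueError(f"declared {expected_size} bytes, decoded {len(out)}")
    return bytes(out)


def mozlz4_decompress(blob: bytes) -> bytes:
    """Unwrap a mozLz4 file (e.g. a dropped Firefox *.jsonlz4 or *.json.mozlz4)."""
    if blob[:8] != MOZLZ4_MAGIC:
        raise ValueError("not a mozLz4 file")
    (size,) = struct.unpack("<I", blob[8:12])
    return lz4_block_decompress(blob[12:], size)


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy in bits per byte, i.e. the report's 'Entropy (8bit)' figure."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    total = len(data)
    return -sum((c / total) * math.log2(c / total) for c in counts if c)


# Constructed sample (not the dropped file): sequence 1 has 4 literals "abcd" and an
# 8-byte match at offset 4 (overlapping copy); sequence 2 is the literal-only tail "!".
# Token 0x44 = literal length 4, match length 4 + 4; token 0x10 = literal length 1.
SAMPLE_BLOCK = bytes([0x44]) + b"abcd" + bytes([0x04, 0x00]) + bytes([0x10]) + b"!"
SAMPLE_MOZLZ4 = MOZLZ4_MAGIC + struct.pack("<I", 13) + SAMPLE_BLOCK


if __name__ == "__main__":
    plain = mozlz4_decompress(SAMPLE_MOZLZ4)
    print(plain, round(shannon_entropy(plain), 3))
```

The decoder validates the declared size and every match offset before copying, so a crafted `.jsonlz4` that lies about its size or references data before the start of the buffer raises instead of producing garbage; on a real dropped file, feed the bytes to `mozlz4_decompress` and `json.loads` the result.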

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):36830
Entropy (8bit):5.1867463390487
Encrypted:false
SSDEEP:768:JI4avfWX94O6L4x4ME454N4ohvM4T4Pia4T4I4t54U:JI4KvG
MD5:98875950B62B398FFE70C0A8D0998017
SHA1:CFCFFF938402E53D341FE392E25D2E6C557E548F
SHA-256:1B445C7E12712026D4E663426527CE58FD221D2E26545AEA699E67D60F16E7F0
SHA-512:728FF6FF915A45B44D720F41F9545F41F1BF5FB218D58073BD27DB19145D2225488988BE80FB0F712922D7B661E1A64448E3F71F09A1480B6F20BD2480888ABF
Malicious:false
Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{7a5650ac-9a89-4807-a040-9f0832bf39a9}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):36830
Entropy (8bit):5.1867463390487
Encrypted:false
SSDEEP:768:JI4avfWX94O6L4x4ME454N4ohvM4T4Pia4T4I4t54U:JI4KvG
MD5:98875950B62B398FFE70C0A8D0998017
SHA1:CFCFFF938402E53D341FE392E25D2E6C557E548F
SHA-256:1B445C7E12712026D4E663426527CE58FD221D2E26545AEA699E67D60F16E7F0
SHA-512:728FF6FF915A45B44D720F41F9545F41F1BF5FB218D58073BD27DB19145D2225488988BE80FB0F712922D7B661E1A64448E3F71F09A1480B6F20BD2480888ABF
Malicious:false
Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{7a5650ac-9a89-4807-a040-9f0832bf39a9}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:data
Category:dropped
Size (bytes):32768
Entropy (8bit):0.017262956703125623
Encrypted:false
SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:false
Preview:..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1021904
Entropy (8bit):6.648417932394748
Encrypted:false
SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
MD5:FE3355639648C417E8307C6D051E3E37
SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:
• Filename: ghostspider.7z, Detection: malicious
• Filename: do.ps1, Detection: malicious
• Filename: , Detection: malicious
• Filename: tightvnc-2.8.59-gpl-setup-64bit.msi, Detection: malicious
• Filename: kjDPynh9vQ.exe, Detection: malicious
• Filename: kjDPynh9vQ.exe, Detection: malicious
• Filename: fNlxQP0jBz.exe, Detection: malicious
• Filename: LbgqLv7gT7.exe, Detection: malicious
• Filename: fNlxQP0jBz.exe, Detection: malicious
• Filename: LbgqLv7gT7.exe, Detection: malicious
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1021904
Entropy (8bit):6.648417932394748
Encrypted:false
SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
MD5:FE3355639648C417E8307C6D051E3E37
SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:ASCII text
Category:dropped
Size (bytes):116
Entropy (8bit):4.968220104601006
Encrypted:false
SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
MD5:3D33CDC0B3D281E67DD52E14435DD04F
SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
Malicious:false
Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:ASCII text
Category:dropped
Size (bytes):116
Entropy (8bit):4.968220104601006
Encrypted:false
SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
MD5:3D33CDC0B3D281E67DD52E14435DD04F
SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
Malicious:false
Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 4
Category:dropped
Size (bytes):98304
Entropy (8bit):0.07329789247562632
Encrypted:false
SSDEEP:12:DBl/A0OWla0mwPxRymgObsCVR45wcYR4fmnsCVR4zki+:DLhesh7Owd4+ji+
MD5:7D31CFE10DA354D7A8FBD320C590A86B
SHA1:7256103A3473B1BE77FAB4D714FBB3AA87EF64B3
SHA-256:56A753486E089386B4EC62448D4DF998E6D04CE3DF86FC4EBE8AD3B0683DF048
SHA-512:A53E2972DCCDAD997ABD109AE7A8AE164A48E6F8C3982E15C834960FBBD990A7FB823E909421800693C3BF024AF81B6703DAAB2BC91BECAC67261EC4F1EC202C
Malicious:false
Preview:SQLite format 3......@ ..........................................................................j......~s..F~s........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:data
Category:dropped
Size (bytes):32768
Entropy (8bit):0.035699946889726504
Encrypted:false
SSDEEP:3:GtlstFWf247y8806Y/tlstFWf247y8806h89//alEl:GtWtUOelh7tWtUOelhk89XuM
MD5:86F2A60BCC4E0594BAB1B3BF90E87051
SHA1:BD941DD2FBB37F5E25B5FBFD09EE5126F5B0C4F9
SHA-256:0E8EA0F02C8622BA61BAF8FFD579469FC8427B18BAD05C0CD2F92B00F22A58C0
SHA-512:F571BD8061EA43768DC8EA5E616C0C65045E1FDBBB96F5DC6C9D33027E10F3098AEC614F9253F8C846CFB6D5F28E9957496C18144313FEFAEBBC1B112CDF26E3
Malicious:false
Preview:..-.....................AC..<..hG(A.#..M/..5...`..-.....................AC..<..hG(A.#..M/..5...`........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
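Every dropped file listed above was written by firefox.exe and carries Malicious:false: a 1 MB PE32+ DLL whose preview starts with MZ and has a 0% ReversingLabs hit rate, the matching gmpopenh264 GMP plugin manifest, and near-empty SQLite databases and write-ahead logs with entropy below 0.1. That pattern is a freshly created browser profile, not payload staging, and is the noise an analyst should filter before looking for what the sample itself wrote. The example below is added here and is not part of the Joe Sandbox report: it parses this Key:Value listing into one record per file, checks that each hash field has the length its algorithm requires, and ranks entries so that a sandbox-flagged, high-entropy PE whose MZ preview disagrees with the reported file type comes before browser-profile noise. The first two embedded records are copied from the entries above; the third is a hypothetical record with zeroed hashes, constructed only to show the ordering. Process names treated as browsers and the score weights are assumptions for illustration.

```python
import re

# Constructed sample input: three dropped-file records in the "Key:Value"
# layout the report uses. Records 1 and 2 are copied from the report's
# firefox.exe entries; record 3 is HYPOTHETICAL (zeroed hashes) and exists
# only to show a real payload outranking browser-profile noise.
SAMPLE_RECORDS = """\
Process:C:\\Program Files\\Mozilla Firefox\\firefox.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1021904
Entropy (8bit):6.648417932394748
Encrypted:false
MD5:FE3355639648C417E8307C6D051E3E37
SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Preview:MZ......................@.......!..L.!This program cannot be run in DOS mode....
Process:C:\\Program Files\\Mozilla Firefox\\firefox.exe
File Type:SQLite 3.x database, user version 12, page size 32768
Category:dropped
Size (bytes):98304
Entropy (8bit):0.07329789247562632
Encrypted:false
MD5:7D31CFE10DA354D7A8FBD320C590A86B
SHA-256:56A753486E089386B4EC62448D4DF998E6D04CE3DF86FC4EBE8AD3B0683DF048
Malicious:false
Preview:SQLite format 3......@ ...............
Process:C:\\Users\\user\\Desktop\\sample.exe
File Type:data
Category:dropped
Size (bytes):4096
Entropy (8bit):7.91
Encrypted:true
MD5:00000000000000000000000000000000
SHA-256:0000000000000000000000000000000000000000000000000000000000000000
Malicious:true
Preview:MZ......................@.......
"""

# Expected hex-digit length of each hash field the report emits.
HASH_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA-256": 64, "SHA-512": 128}

# Assumed set of browser processes whose profile writes are usually noise.
BROWSERS = ("firefox.exe", "chrome.exe", "msedge.exe")


def parse_records(text):
    """Split the flat Key:Value listing into one dict per dropped file.
    A new record starts at every 'Process:' line; bullet lines under
    'Antivirus:' are collected into a list instead of a scalar."""
    records, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Process:"):
            cur = {"Antivirus": []}
            records.append(cur)
        if cur is None:
            continue
        if line.startswith("•"):
            cur["Antivirus"].append(line.lstrip("• ").strip())
            continue
        key, sep, value = line.partition(":")
        if sep and key != "Antivirus":
            cur[key.strip()] = value.strip()
    return records


def hash_errors(rec):
    """Names of hash fields that are present but not well-formed hex of the
    right length (a truncated or copy-pasted hash is worthless for pivoting)."""
    bad = []
    for name, n in HASH_LENGTHS.items():
        value = rec.get(name)
        if value is not None and not re.fullmatch(r"[0-9A-Fa-f]{%d}" % n, value):
            bad.append(name)
    return bad


def triage(rec):
    """Score one dropped file; higher means look at it first.
    Returns (score, reasons). Weights are illustrative assumptions."""
    score, reasons = 0, []
    ftype = rec.get("File Type", "").lower()
    preview = rec.get("Preview", "")
    entropy = float(rec.get("Entropy (8bit)", "0") or 0)
    writer = rec.get("Process", "").rsplit("\\", 1)[-1].lower()
    is_pe = preview.startswith("MZ")          # content says PE
    claims_pe = "executable" in ftype         # libmagic says PE

    if rec.get("Malicious", "").lower() == "true":
        score += 50
        reasons.append("flagged malicious by the sandbox")
    if is_pe:
        score += 20
        reasons.append("PE image (MZ header in preview)")
    if is_pe != claims_pe:
        # Content and reported type disagree, e.g. a PE saved under a
        # non-executable name or typed as plain 'data'.
        score += 30
        reasons.append("preview magic disagrees with reported file type")
    if entropy >= 7.2:
        score += 15
        reasons.append("high entropy (packed or encrypted)")
    if writer in BROWSERS and not is_pe and entropy < 1.0:
        score -= 40
        reasons.append("near-empty file written by a browser: profile noise")
    if writer in BROWSERS and is_pe and any("0%" in a for a in rec["Antivirus"]):
        reasons.append("browser-written PE with 0% AV hits: likely a plugin, verify the hash")
    return score, reasons


def rank(text):
    """Parse, score and sort every record; returns (score, sha256 prefix, reasons)."""
    out = []
    for rec in parse_records(text):
        score, reasons = triage(rec)
        bad = hash_errors(rec)
        if bad:
            reasons.append("malformed hash fields: " + ", ".join(bad))
        out.append((score, rec.get("SHA-256", "?")[:16], reasons))
    return sorted(out, key=lambda t: t[0], reverse=True)


if __name__ == "__main__":
    for score, sha, reasons in rank(SAMPLE_RECORDS):
        print(f"{score:5d}  {sha}  {'; '.join(reasons)}")
```

Run against a full report export the same way; the point of the magic-versus-type check is that libmagic is trusted for the File Type column, so a PE whose preview starts with MZ but is typed as data is worth a manual look even when the sandbox did not flag it.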

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:SQLite Write-Ahead Log, version 3007000
Category:dropped
Size (bytes):32824
Entropy (8bit):0.04001911727921433
Encrypted:false
SSDEEP:3:Ol12pSFlyllfibpE6/57l8rEXsxdwhml8XW3R2:Kop5lWpxl8dMhm93w
MD5:A36A38FB9C62174B8F2713E0A0EB1E0E
SHA1:A5B704905AC3A1327A5EB18C395C19DDA3FA3ACC
SHA-256:2C26F251C3EF3DEB7492AE78016756F45821982BE3DCDF14ECF02A900213CC44
SHA-512:0D9B3C84FCAF2871AB9F27B9D5315E2CD2C0A2B1E8C4120549611690DB61811175FD3B5CFA96173938FCC1799B65D45FB127BA88C409B6A2E84CFD0F024E59D9
Malicious:false
                                                                                                                                                                                                                                                                                                                                                          Preview:7....-..........G(A.#..M..+Z..."........G(A.#..M.CAh..<................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1743), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                          Size (bytes):13187
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.478533794290617
                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:192:xnPOeRnLYbBp6CJ0aX+c6SEXKarNrS5RHWNBw8dHSl:FDezJUPrR+HEwM0
                                                                                                                                                                                                                                                                                                                                                          MD5:41456221668498A8D0B047363DB4492F
                                                                                                                                                                                                                                                                                                                                                          SHA1:B1197D83F851ABBEE801A3F6DF7142D96F5C6CA4
                                                                                                                                                                                                                                                                                                                                                          SHA-256:82DAA5CCD13220E62F6FF34C983BF7459144E05AFAD29F1CCA207551B91CEA8D
                                                                                                                                                                                                                                                                                                                                                          SHA-512:9A2E61D6F3FB83F26F2344008749249C4970C06D8AA8D2581D3BDD28E1B6617FF135485223114870E00A986A89CA14A5F2AB4B9C90D62F81B82D6F04744F50E9
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                          Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1734715863);..user_pref("app.update.lastUpdateTime.background-update-timer", 1734715863);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1734715863);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 173471
                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1743), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                          Size (bytes):13187
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.478533794290617
                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:192:xnPOeRnLYbBp6CJ0aX+c6SEXKarNrS5RHWNBw8dHSl:FDezJUPrR+HEwM0
                                                                                                                                                                                                                                                                                                                                                          MD5:41456221668498A8D0B047363DB4492F
                                                                                                                                                                                                                                                                                                                                                          SHA1:B1197D83F851ABBEE801A3F6DF7142D96F5C6CA4
                                                                                                                                                                                                                                                                                                                                                          SHA-256:82DAA5CCD13220E62F6FF34C983BF7459144E05AFAD29F1CCA207551B91CEA8D
                                                                                                                                                                                                                                                                                                                                                          SHA-512:9A2E61D6F3FB83F26F2344008749249C4970C06D8AA8D2581D3BDD28E1B6617FF135485223114870E00A986A89CA14A5F2AB4B9C90D62F81B82D6F04744F50E9
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                          Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1734715863);..user_pref("app.update.lastUpdateTime.background-update-timer", 1734715863);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1734715863);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 173471
                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, user version 1, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 2, cookie 0x1, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                          Size (bytes):65536
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):0.04062825861060003
                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:3:lSGBl/l/zl9l/AltllPltlnKollzvulJOlzALRWemFxu7TuRjBFbrl58lcV+wgn8:ltBl/lqN1K4BEJYqWvLue3FMOrMZ0l
                                                                                                                                                                                                                                                                                                                                                          MD5:60C09456D6362C6FBED48C69AA342C3C
                                                                                                                                                                                                                                                                                                                                                          SHA1:58B6E22DAA48C75958B429F662DEC1C011AE74D3
                                                                                                                                                                                                                                                                                                                                                          SHA-256:FE1A432A2CD096B7EEA870D46D07F5197E34B4D10666E6E1C357FAA3F2FE2389
                                                                                                                                                                                                                                                                                                                                                          SHA-512:936DBC887276EF07732783B50EAFE450A8598B0492B8F6C838B337EF3E8A6EA595E7C7A2FA4B3E881887FAAE2D207B953A4C65ED8C964D93118E00D3E03882BD
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j.......x..x..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                          Size (bytes):90
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.194538242412464
                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
                                                                                                                                                                                                                                                                                                                                                          MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
                                                                                                                                                                                                                                                                                                                                                          SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
                                                                                                                                                                                                                                                                                                                                                          SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
                                                                                                                                                                                                                                                                                                                                                          SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                          Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}
                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                          Size (bytes):90
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.194538242412464
                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
                                                                                                                                                                                                                                                                                                                                                          MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
                                                                                                                                                                                                                                                                                                                                                          SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
                                                                                                                                                                                                                                                                                                                                                          SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
                                                                                                                                                                                                                                                                                                                                                          SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                          Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}
                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          File Type:Mozilla lz4 compressed data, originally 5861 bytes
                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                          Size (bytes):1576
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):6.366549638912707
                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:24:v+USUGlcAxS1YLXnIr4I/pnxQwRcWT5sKmgb0V3eHVpjO+3amhu7JJwO2c0TSO6v:GUpOxLYnRcoegG3erjx3YJwcnO6BtR
                                                                                                                                                                                                                                                                                                                                                          MD5:5E877A24C39ACA2AAE4AD8611F7FFD72
                                                                                                                                                                                                                                                                                                                                                          SHA1:8F0C5A36039C11CB793B4E965FADDBD47E1E19B9
                                                                                                                                                                                                                                                                                                                                                          SHA-256:B9BED5355B9867C9B0B8F5BA2F63DCBE7AFF7C613429A72D64D239890329C4DA
                                                                                                                                                                                                                                                                                                                                                          SHA-512:35570F5E6CF16E2B3A1DE2A428C8087269E8656E746CF1AE8F0DD5EF8E8EEE3200A7EBBA38909C828083F6A0E016AEA5D355DBE399623F0EA6EC7A094F672352
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                          Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://youtube.com/account?=.....rs.googl%...v3/signin/challenge/pwd","title[.C..cacheKey":0,"ID":7,"docshellUU...D"{8deb2a77-38bb-464f-9c81-bece0757c675}","resultPrincipalURI":null,"hasUserInteracte...true,"triggering8.p_base64z..\"3\":{}^...docIdentifier":8,"persistK..+}],"lastAccessed":1734715866585,"hidden":false,"searchMode...userContextId...attribut...{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedTZ.@],"_...C..`GroupCF..":-1,"busy...t...Flags":2150633470....dth":1164,"height":891,"screenX":4...Y..Aizem..."maximize......BeforeMin...&..workspace9...98952893-68ff-4a5d-a164-705c709ed3db","zD..1...Wm..l........j..:....1":{..jUpdate...6,"startTim..P31932...centCrash..B0},".....Dcook.. hoc..."addons.mozilla.org","valu...'b03116d8508741e1c0453eca6046028f71c7c2b904be5e0a0d4686...b1764f","pa..p"/","na..a"taarI|.Tecure2..C.Donly..fexpiry...34839,"originA...."f
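The session-restore files listed above with file type "Mozilla lz4 compressed data" are Firefox mozLz4 containers: an 8-byte magic `mozLz40\0`, a 4-byte little-endian decompressed size (the "originally 5861 bytes" in the File Type line), then one raw LZ4 block. Added example, not part of the Joe Sandbox report: a pure-Python decoder for that container that then walks the sessionstore JSON (windows -> tabs -> entries) and lists the URLs the browser was told to restore, which is how an analyst recovers the sign-in URL seen in the truncated preview from the dropped file itself. The blob it decodes is hand-assembled here with the hostname x.invalid so it runs offline; it is not the dropped file's contents.

```python
"""Decode a Firefox mozLz4 sessionstore blob and list the URLs of the tabs it would restore.
Added example; the sample blob is hand-assembled (hostname x.invalid), NOT the dropped file."""
import json
import struct

# mozLz4 container: 8-byte magic, uint32 little-endian decompressed size, one raw LZ4 block.
MOZLZ4_MAGIC = b"mozLz40\0"


def lz4_block_decompress(src: bytes, out_size: int) -> bytes:
    """Pure-Python decoder for a single raw LZ4 block (no frame header, no lz4 module needed)."""
    out = bytearray()
    i, n = 0, len(src)
    while i < n:
        token = src[i]
        i += 1
        # Literal length is the high nibble; 15 means extra bytes follow, each added, until one < 255.
        lit_len = token >> 4
        if lit_len == 15:
            while True:
                b = src[i]
                i += 1
                lit_len += b
                if b != 255:
                    break
        if i + lit_len > n:
            raise ValueError("truncated literals")
        out += src[i:i + lit_len]
        i += lit_len
        if i >= n:
            break  # the final sequence carries literals only: no offset, no match
        if i + 2 > n:
            raise ValueError("truncated match offset")
        # Match: 2-byte little-endian back-reference, then length = low nibble + 4 (extended the same way).
        offset = src[i] | (src[i + 1] << 8)
        i += 2
        if offset == 0 or offset > len(out):
            raise ValueError("match offset points outside the output written so far")
        match_len = (token & 0x0F) + 4
        if (token & 0x0F) == 15:
            while True:
                b = src[i]
                i += 1
                match_len += b
                if b != 255:
                    break
        # Copy one byte at a time: an offset shorter than match_len is a legal overlapping (run-length) match.
        start = len(out) - offset
        for k in range(match_len):
            out.append(out[start + k])
        if len(out) > out_size:
            raise ValueError("block expands beyond the size declared in the header")
    if len(out) != out_size:
        raise ValueError(f"decompressed {len(out)} bytes but the header declares {out_size}")
    return bytes(out)


def mozlz4_decompress(blob: bytes) -> bytes:
    """Strip the mozLz4 container and return the original (JSON) bytes."""
    if not blob.startswith(MOZLZ4_MAGIC):
        raise ValueError("not a mozLz4 file (bad magic)")
    (out_size,) = struct.unpack_from("<I", blob, len(MOZLZ4_MAGIC))
    return lz4_block_decompress(blob[len(MOZLZ4_MAGIC) + 4:], out_size)


def restored_tab_urls(session: dict) -> list:
    """Walk sessionstore JSON (windows -> tabs -> entries) and return every entry URL in order."""
    urls = []
    for window in session.get("windows", []):
        for tab in window.get("tabs", []):
            for entry in tab.get("entries", []):
                if "url" in entry:
                    urls.append(entry["url"])
    return urls


# Constructed sample: a two-tab session whose second tab repeats the '{"entries":[{"url":"https://x.invalid/'
# prefix, so the block stores that repeat as an LZ4 match instead of literals.
_A = b'{"windows":[{"tabs":['
_B = b'{"entries":[{"url":"https://x.invalid/'
_C = b'signin"}]},'
_D = b'account"}]}]}]}'
SAMPLE_JSON = _A + _B + _C + _B + _D                  # what the block must decode to (123 bytes)
SAMPLE_BLOCK = (
    bytes([0xF0 | 0x0F, len(_A + _B + _C) - 15])      # token: 70 literals (15 + 55), match nibble 15
    + _A + _B + _C
    + struct.pack("<H", len(_B + _C))                 # offset 49: back to the first copy of _B
    + bytes([len(_B) - 4 - 15])                       # match length 38 = 4 + 15 + 19
    + bytes([0xF0, len(_D) - 15])                     # last sequence: 15 literals (15 + 0), no match
    + _D
)
SAMPLE_BLOB = MOZLZ4_MAGIC + struct.pack("<I", len(SAMPLE_JSON)) + SAMPLE_BLOCK


def sample_tab_urls() -> list:
    """Decode the constructed blob and list its restored-tab URLs."""
    return restored_tab_urls(json.loads(mozlz4_decompress(SAMPLE_BLOB)))


if __name__ == "__main__":
    for url in sample_tab_urls():
        print(url)
```

On a live Firefox profile the same decoder takes the bytes of `sessionstore-backups/recovery.jsonlz4` (or the copy a sandbox extracted) and the size check is what makes a truncated or tampered block fail loudly instead of yielding a silently short JSON document.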
                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, user version 131075, last written using SQLite version 3042000, page size 512, file counter 6, database pages 8, cookie 0x4, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                          Size (bytes):4096
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):2.0836444556178684
                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:24:JBwdh/cEUcR9PzNFPFHx/GJRBdkOrDcRB1trwDeAq2gRMyxr3:jnEUo9LXtR+JdkOnohYsl
                                                                                                                                                                                                                                                                                                                                                          MD5:8B40B1534FF0F4B533AF767EB5639A05
                                                                                                                                                                                                                                                                                                                                                          SHA1:63EDB539EA39AD09D701A36B535C4C087AE08CC9
                                                                                                                                                                                                                                                                                                                                                          SHA-256:AF275A19A5C2C682139266065D90C237282274D11C5619A121B7BDBDB252861B
                                                                                                                                                                                                                                                                                                                                                          SHA-512:54AF707698CED33C206B1B193DA414D630901762E88E37E99885A50D4D5F8DDC28367C9B401DFE251CF0552B4FA446EE28F78A97C9096AFB0F2898BFBB673B53
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                          Size (bytes):4537
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.029554333855263
                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:96:ycQMTEr5/lLmI2Ac1zzcxvbw6Kkgrc2Rn27:XTEr5NX0z3DhRe
                                                                                                                                                                                                                                                                                                                                                          MD5:0612B4FD63690C0A01A484079B58714E
                                                                                                                                                                                                                                                                                                                                                          SHA1:131FAEBB9D61458CDE8F71627B84710F6272F60F
                                                                                                                                                                                                                                                                                                                                                          SHA-256:EBE03BF99F0477AB2A201FC1D1B88FD63BEA13D045203C2ABC723E2D8F0AAD38
                                                                                                                                                                                                                                                                                                                                                          SHA-512:6F46E7E4A2951224895B8CA261FCCD9A11BC44D78D6599A7F712893C7C0870842B36B1642AF8EC3314C3B58AC69084D0B289AEA12E9A0A339C10C22F1CDF42D3
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-12-20T17:30:50.493Z","profileAgeCreated":1696426830133,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):4537
Entropy (8bit):5.029554333855263
Encrypted:false
SSDEEP:96:ycQMTEr5/lLmI2Ac1zzcxvbw6Kkgrc2Rn27:XTEr5NX0z3DhRe
MD5:0612B4FD63690C0A01A484079B58714E
SHA1:131FAEBB9D61458CDE8F71627B84710F6272F60F
SHA-256:EBE03BF99F0477AB2A201FC1D1B88FD63BEA13D045203C2ABC723E2D8F0AAD38
SHA-512:6F46E7E4A2951224895B8CA261FCCD9A11BC44D78D6599A7F712893C7C0870842B36B1642AF8EC3314C3B58AC69084D0B289AEA12E9A0A339C10C22F1CDF42D3
Malicious:false
Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-12-20T17:30:50.493Z","profileAgeCreated":1696426830133,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"

File type:PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):6.702443906803454
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:gTU8ed4669.exe
File size:970'240 bytes
MD5:2177e5dd54a3815b8535b4e6902c1777
SHA1:1cc1940a436cfa997f221ac2b16dfe57d7d0da11
SHA256:47ea422d6bd14500cf0851c83895445560363a19beddd3a8e9500922f217240a
SHA512:0fb608af6cda960f0cc03208b56851ba2d02c75f932b239a543e21e4dac489ee1cfcec19d099019f91b9e070959b143514aea5203fee1eccb1538f797cff2ef1
SSDEEP:24576:rqDEvCTbMWu7rQYlBQcBiT6rprG8a5U3F:rTvC/MTQYxsWR7a5U
TLSH:F4259E0273D1C062FF9B92334B5AF6515BBC69260123E62F13A81D79BE701B1563E7A3
File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....
Icon Hash:aaf3e3e3938382a0
Entrypoint:0x420577
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:0x676498DB [Thu Dec 19 22:06:19 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:5
OS Version Minor:1
File Version Major:5
File Version Minor:1
Subsystem Version Major:5
Subsystem Version Minor:1
Import Hash:948cc502fe9226992dce9417f952fce3

Instruction
call 00007F662CC3BA43h
jmp 00007F662CC3B34Fh
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007F662CC3B52Dh
mov dword ptr [esi], 0049FDF0h
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0049FDF8h
mov dword ptr [ecx], 0049FDF0h
ret
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007F662CC3B4FAh
mov dword ptr [esi], 0049FE0Ch
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0049FE14h
mov dword ptr [ecx], 0049FE0Ch
ret
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0049FDD0h
and dword ptr [eax], 00000000h
and dword ptr [eax+04h], 00000000h
                                                                                                                                                                                                                                                                                                                                                          push eax
                                                                                                                                                                                                                                                                                                                                                          mov eax, dword ptr [ebp+08h]
                                                                                                                                                                                                                                                                                                                                                          add eax, 04h
                                                                                                                                                                                                                                                                                                                                                          push eax
                                                                                                                                                                                                                                                                                                                                                          call 00007F662CC3E0EDh
                                                                                                                                                                                                                                                                                                                                                          pop ecx
                                                                                                                                                                                                                                                                                                                                                          pop ecx
                                                                                                                                                                                                                                                                                                                                                          mov eax, esi
                                                                                                                                                                                                                                                                                                                                                          pop esi
                                                                                                                                                                                                                                                                                                                                                          pop ebp
                                                                                                                                                                                                                                                                                                                                                          retn 0004h
                                                                                                                                                                                                                                                                                                                                                          lea eax, dword ptr [ecx+04h]
                                                                                                                                                                                                                                                                                                                                                          mov dword ptr [ecx], 0049FDD0h
                                                                                                                                                                                                                                                                                                                                                          push eax
                                                                                                                                                                                                                                                                                                                                                          call 00007F662CC3E138h
                                                                                                                                                                                                                                                                                                                                                          pop ecx
                                                                                                                                                                                                                                                                                                                                                          ret
                                                                                                                                                                                                                                                                                                                                                          push ebp
                                                                                                                                                                                                                                                                                                                                                          mov ebp, esp
                                                                                                                                                                                                                                                                                                                                                          push esi
                                                                                                                                                                                                                                                                                                                                                          mov esi, ecx
                                                                                                                                                                                                                                                                                                                                                          lea eax, dword ptr [esi+04h]
                                                                                                                                                                                                                                                                                                                                                          mov dword ptr [esi], 0049FDD0h
                                                                                                                                                                                                                                                                                                                                                          push eax
                                                                                                                                                                                                                                                                                                                                                          call 00007F662CC3E121h
                                                                                                                                                                                                                                                                                                                                                          test byte ptr [ebp+08h], 00000001h
                                                                                                                                                                                                                                                                                                                                                          pop ecx
Programming Language:
• [ C ] VS2008 SP1 build 30729
• [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0x1625c | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xeb000 | 0x7594 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xd4000 | 0x1625c | 0x16400 | f3b937ae26be81bea2f5e5dace4c863b | False | 0.6997344627808989 | data | 7.171885459246731 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xeb000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xd45f0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xd4718 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xd4840 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xd4968 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333
RT_ICON | 0xd4c50 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5
RT_ICON | 0xd4d78 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388
RT_ICON | 0xd5c20 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524
RT_ICON | 0xd64c8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918
RT_ICON | 0xd6a30 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727
RT_ICON | 0xd8fd8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496
RT_ICON | 0xda080 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227
RT_MENU | 0xda4e8 | 0x50 | data | English | Great Britain | 0.9
RT_DIALOG | 0xda538 | 0xfc | data | English | Great Britain | 0.6507936507936508
RT_STRING | 0xda634 | 0x594 | data | English | Great Britain | 0.3333333333333333
RT_STRING | 0xdabc8 | 0x68a | data | English | Great Britain | 0.2735961768219833
RT_STRING | 0xdb254 | 0x490 | data | English | Great Britain | 0.3715753424657534
RT_STRING | 0xdb6e4 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xdbce0 | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xdc33c | 0x466 | data | English | Great Britain | 0.3605683836589698
RT_STRING | 0xdc7a4 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186
RT_RCDATA | 0xdc8fc | 0xd3e0 | data | | | 1.0004793510324483
RT_GROUP_ICON | 0xe9cdc | 0x76 | data | English | Great Britain | 0.6610169491525424
RT_GROUP_ICON | 0xe9d54 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0xe9d68 | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0xe9d7c | 0x14 | data | English | Great Britain | 1.25
                                                                                                                                                                                                                                                                                                                                                          RT_VERSION0xe9d900xdcdataEnglishGreat Britain0.6181818181818182
                                                                                                                                                                                                                                                                                                                                                          RT_MANIFEST0xe9e6c0x3efASCII text, with CRLF line terminatorsEnglishGreat Britain0.5074478649453823
DLL | Import
WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
PSAPI.DLL | GetProcessMemoryInfo
IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
USERENV.dll | DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
UxTheme.dll | IsThemeActive
KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll | GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll | EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll | DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll | CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture
Language of compilation system | Country where language is spoken | Map
English | Great Britain
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 20, 2024 16:48:34.836854935 CET | 49710 | 443 | 192.168.2.5 | 35.190.72.216
Dec 20, 2024 16:48:34.836911917 CET | 443 | 49710 | 35.190.72.216 | 192.168.2.5
Dec 20, 2024 16:48:34.838134050 CET | 49710 | 443 | 192.168.2.5 | 35.190.72.216
Dec 20, 2024 16:48:34.887229919 CET | 49710 | 443 | 192.168.2.5 | 35.190.72.216
Dec 20, 2024 16:48:34.887276888 CET | 443 | 49710 | 35.190.72.216 | 192.168.2.5
Dec 20, 2024 16:48:35.510162115 CET | 49711 | 443 | 192.168.2.5 | 142.250.181.78
Dec 20, 2024 16:48:35.510221004 CET | 443 | 49711 | 142.250.181.78 | 192.168.2.5
Dec 20, 2024 16:48:35.510369062 CET | 49712 | 443 | 192.168.2.5 | 142.250.181.78
Dec 20, 2024 16:48:35.510430098 CET | 443 | 49712 | 142.250.181.78 | 192.168.2.5
Dec 20, 2024 16:48:35.516711950 CET | 49711 | 443 | 192.168.2.5 | 142.250.181.78
Dec 20, 2024 16:48:35.516783953 CET | 49712 | 443 | 192.168.2.5 | 142.250.181.78
Dec 20, 2024 16:48:35.521142006 CET | 49711 | 443 | 192.168.2.5 | 142.250.181.78
Dec 20, 2024 16:48:35.521159887 CET | 443 | 49711 | 142.250.181.78 | 192.168.2.5
Dec 20, 2024 16:48:35.522573948 CET | 49712 | 443 | 192.168.2.5 | 142.250.181.78
Dec 20, 2024 16:48:35.522602081 CET | 443 | 49712 | 142.250.181.78 | 192.168.2.5
Dec 20, 2024 16:48:35.529397964 CET | 49713 | 80 | 192.168.2.5 | 34.107.221.82
Dec 20, 2024 16:48:35.648937941 CET | 80 | 49713 | 34.107.221.82 | 192.168.2.5
Dec 20, 2024 16:48:35.664125919 CET | 49713 | 80 | 192.168.2.5 | 34.107.221.82
Dec 20, 2024 16:48:35.664596081 CET | 49713 | 80 | 192.168.2.5 | 34.107.221.82
Dec 20, 2024 16:48:35.784151077 CET | 80 | 49713 | 34.107.221.82 | 192.168.2.5
Dec 20, 2024 16:48:36.142571926 CET | 443 | 49710 | 35.190.72.216 | 192.168.2.5
Dec 20, 2024 16:48:36.150422096 CET | 49710 | 443 | 192.168.2.5 | 35.190.72.216
Dec 20, 2024 16:48:36.211819887 CET | 49710 | 443 | 192.168.2.5 | 35.190.72.216
Dec 20, 2024 16:48:36.211843967 CET | 443 | 49710 | 35.190.72.216 | 192.168.2.5
Dec 20, 2024 16:48:36.211965084 CET | 49710 | 443 | 192.168.2.5 | 35.190.72.216
Dec 20, 2024 16:48:36.212107897 CET | 443 | 49710 | 35.190.72.216 | 192.168.2.5
Dec 20, 2024 16:48:36.216332912 CET | 49710 | 443 | 192.168.2.5 | 35.190.72.216
Dec 20, 2024 16:48:36.270078897 CET | 49715 | 443 | 192.168.2.5 | 35.244.181.201
Dec 20, 2024 16:48:36.270143032 CET | 443 | 49715 | 35.244.181.201 | 192.168.2.5
Dec 20, 2024 16:48:36.270390034 CET | 49716 | 443 | 192.168.2.5 | 34.117.188.166
Dec 20, 2024 16:48:36.270490885 CET | 49715 | 443 | 192.168.2.5 | 35.244.181.201
Dec 20, 2024 16:48:36.270498991 CET | 443 | 49716 | 34.117.188.166 | 192.168.2.5
Dec 20, 2024 16:48:36.270601988 CET | 49715 | 443 | 192.168.2.5 | 35.244.181.201
Dec 20, 2024 16:48:36.270613909 CET | 443 | 49715 | 35.244.181.201 | 192.168.2.5
Dec 20, 2024 16:48:36.270890951 CET | 49716 | 443 | 192.168.2.5 | 34.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:36.272268057 CET49716443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:36.272294044 CET4434971634.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:36.273555040 CET49717443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:36.273659945 CET4434971734.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:36.273792028 CET49717443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:36.275230885 CET49717443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:36.275279999 CET4434971734.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:36.751204967 CET804971334.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:36.800616026 CET4971380192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:36.935323000 CET49719443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:36.935369968 CET4434971934.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:36.938760042 CET49719443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:36.940356970 CET49719443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:36.940368891 CET4434971934.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:37.021914959 CET4972080192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:37.141988039 CET804972034.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:37.142788887 CET4972080192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:37.142962933 CET4972080192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:37.239283085 CET44349711142.250.181.78192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:37.239299059 CET44349711142.250.181.78192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:37.239368916 CET49711443192.168.2.5142.250.181.78
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:37.239551067 CET44349712142.250.181.78192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:37.239727020 CET49712443192.168.2.5142.250.181.78
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:37.240309000 CET44349711142.250.181.78192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:37.240506887 CET44349712142.250.181.78192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:37.241161108 CET49711443192.168.2.5142.250.181.78
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:37.241162062 CET49712443192.168.2.5142.250.181.78
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:37.246397018 CET49711443192.168.2.5142.250.181.78
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:37.246406078 CET44349711142.250.181.78192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:37.246491909 CET49711443192.168.2.5142.250.181.78
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:37.246676922 CET44349711142.250.181.78192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:37.247051954 CET49711443192.168.2.5142.250.181.78
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:37.248462915 CET49712443192.168.2.5142.250.181.78
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:37.248475075 CET44349712142.250.181.78192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:37.248539925 CET49712443192.168.2.5142.250.181.78
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:37.248804092 CET44349712142.250.181.78192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:37.248858929 CET49712443192.168.2.5142.250.181.78
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:37.262401104 CET804972034.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:37.485886097 CET4434971535.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:37.485985994 CET49715443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:37.489310026 CET49715443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:37.489339113 CET4434971535.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:37.489625931 CET4434971535.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:37.492537975 CET49715443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:37.492631912 CET49715443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:37.492714882 CET4434971535.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:37.492791891 CET49715443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:37.508824110 CET4434971634.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:37.516330957 CET49716443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:37.519010067 CET4434971734.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:37.523349047 CET4434971734.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:37.524343967 CET49717443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:37.527771950 CET49716443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:37.527822971 CET4434971634.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:37.527863979 CET49716443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:37.528601885 CET4434971634.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:37.528662920 CET49716443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:37.529520988 CET49717443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:37.529526949 CET4434971734.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:37.529584885 CET49717443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:37.529800892 CET4434971734.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:37.529850006 CET49717443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:38.055279016 CET4971380192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:38.175579071 CET804971334.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:38.176597118 CET4971380192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:38.177675009 CET4434971934.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:38.178005934 CET49719443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:38.182027102 CET49719443192.168.2.534.107.243.93
Dec 20, 2024 16:48:38.182051897 CET  443    49719  34.107.243.93   192.168.2.5
Dec 20, 2024 16:48:38.182107925 CET  49719  443    192.168.2.5     34.107.243.93
Dec 20, 2024 16:48:38.182332993 CET  443    49719  34.107.243.93   192.168.2.5
Dec 20, 2024 16:48:38.182424068 CET  49719  443    192.168.2.5     34.107.243.93
Dec 20, 2024 16:48:38.207532883 CET  49721  443    192.168.2.5     34.117.188.166
Dec 20, 2024 16:48:38.207585096 CET  443    49721  34.117.188.166  192.168.2.5
Dec 20, 2024 16:48:38.217973948 CET  49721  443    192.168.2.5     34.117.188.166
Dec 20, 2024 16:48:38.220046043 CET  49721  443    192.168.2.5     34.117.188.166
Dec 20, 2024 16:48:38.220066071 CET  443    49721  34.117.188.166  192.168.2.5
Dec 20, 2024 16:48:38.242343903 CET  80     49720  34.107.221.82   192.168.2.5
Dec 20, 2024 16:48:38.247056961 CET  49720  80     192.168.2.5     34.107.221.82
Dec 20, 2024 16:48:38.299499989 CET  49722  80     192.168.2.5     34.107.221.82
Dec 20, 2024 16:48:38.348180056 CET  49723  443    192.168.2.5     34.160.144.191
Dec 20, 2024 16:48:38.348232031 CET  443    49723  34.160.144.191  192.168.2.5
Dec 20, 2024 16:48:38.348346949 CET  49723  443    192.168.2.5     34.160.144.191
Dec 20, 2024 16:48:38.348490953 CET  49723  443    192.168.2.5     34.160.144.191
Dec 20, 2024 16:48:38.348500013 CET  443    49723  34.160.144.191  192.168.2.5
Dec 20, 2024 16:48:38.366944075 CET  80     49720  34.107.221.82   192.168.2.5
Dec 20, 2024 16:48:38.367480993 CET  49720  80     192.168.2.5     34.107.221.82
Dec 20, 2024 16:48:38.419004917 CET  80     49722  34.107.221.82   192.168.2.5
Dec 20, 2024 16:48:38.419106007 CET  49722  80     192.168.2.5     34.107.221.82
Dec 20, 2024 16:48:38.419300079 CET  49722  80     192.168.2.5     34.107.221.82
Dec 20, 2024 16:48:38.437179089 CET  49724  443    192.168.2.5     34.120.208.123
Dec 20, 2024 16:48:38.437235117 CET  443    49724  34.120.208.123  192.168.2.5
Dec 20, 2024 16:48:38.437397957 CET  49724  443    192.168.2.5     34.120.208.123
Dec 20, 2024 16:48:38.438817978 CET  49724  443    192.168.2.5     34.120.208.123
Dec 20, 2024 16:48:38.438833952 CET  443    49724  34.120.208.123  192.168.2.5
Dec 20, 2024 16:48:38.539163113 CET  80     49722  34.107.221.82   192.168.2.5
Dec 20, 2024 16:48:39.443187952 CET  443    49721  34.117.188.166  192.168.2.5
Dec 20, 2024 16:48:39.443206072 CET  443    49721  34.117.188.166  192.168.2.5
Dec 20, 2024 16:48:39.446366072 CET  49721  443    192.168.2.5     34.117.188.166
Dec 20, 2024 16:48:39.450455904 CET  49721  443    192.168.2.5     34.117.188.166
Dec 20, 2024 16:48:39.450474024 CET  443    49721  34.117.188.166  192.168.2.5
Dec 20, 2024 16:48:39.450579882 CET  49721  443    192.168.2.5     34.117.188.166
Dec 20, 2024 16:48:39.450741053 CET  443    49721  34.117.188.166  192.168.2.5
Dec 20, 2024 16:48:39.451021910 CET  49726  443    192.168.2.5     34.117.188.166
Dec 20, 2024 16:48:39.451069117 CET  443    49726  34.117.188.166  192.168.2.5
Dec 20, 2024 16:48:39.461950064 CET  49721  443    192.168.2.5     34.117.188.166
Dec 20, 2024 16:48:39.462048054 CET  49726  443    192.168.2.5     34.117.188.166
Dec 20, 2024 16:48:39.463625908 CET  49726  443    192.168.2.5     34.117.188.166
Dec 20, 2024 16:48:39.463639975 CET  443    49726  34.117.188.166  192.168.2.5
Dec 20, 2024 16:48:39.542287111 CET  80     49722  34.107.221.82   192.168.2.5
Dec 20, 2024 16:48:39.593466997 CET  49722  80     192.168.2.5     34.107.221.82
Dec 20, 2024 16:48:39.594229937 CET  443    49723  34.160.144.191  192.168.2.5
Dec 20, 2024 16:48:39.597101927 CET  49723  443    192.168.2.5     34.160.144.191
Dec 20, 2024 16:48:39.600069046 CET  49723  443    192.168.2.5     34.160.144.191
Dec 20, 2024 16:48:39.600112915 CET  443    49723  34.160.144.191  192.168.2.5
Dec 20, 2024 16:48:39.600558996 CET  443    49723  34.160.144.191  192.168.2.5
Dec 20, 2024 16:48:39.603761911 CET  49723  443    192.168.2.5     34.160.144.191
Dec 20, 2024 16:48:39.603872061 CET  49723  443    192.168.2.5     34.160.144.191
Dec 20, 2024 16:48:39.604023933 CET  443    49723  34.160.144.191  192.168.2.5
Dec 20, 2024 16:48:39.604088068 CET  49723  443    192.168.2.5     34.160.144.191
Dec 20, 2024 16:48:39.674860954 CET  443    49724  34.120.208.123  192.168.2.5
Dec 20, 2024 16:48:39.674957037 CET  49724  443    192.168.2.5     34.120.208.123
Dec 20, 2024 16:48:39.681796074 CET  49724  443    192.168.2.5     34.120.208.123
Dec 20, 2024 16:48:39.681796074 CET  49724  443    192.168.2.5     34.120.208.123
Dec 20, 2024 16:48:39.681834936 CET  443    49724  34.120.208.123  192.168.2.5
Dec 20, 2024 16:48:39.682086945 CET  443    49724  34.120.208.123  192.168.2.5
Dec 20, 2024 16:48:39.682154894 CET  49724  443    192.168.2.5     34.120.208.123
Dec 20, 2024 16:48:40.030222893 CET  49722  80     192.168.2.5     34.107.221.82
Dec 20, 2024 16:48:40.032073021 CET  49727  80     192.168.2.5     34.107.221.82
Dec 20, 2024 16:48:40.149877071 CET  80     49722  34.107.221.82   192.168.2.5
Dec 20, 2024 16:48:40.152265072 CET  80     49727  34.107.221.82   192.168.2.5
Dec 20, 2024 16:48:40.152383089 CET  49727  80     192.168.2.5     34.107.221.82
Dec 20, 2024 16:48:40.152543068 CET  49727  80     192.168.2.5     34.107.221.82
Dec 20, 2024 16:48:40.170279026 CET  49728  443    192.168.2.5     34.120.208.123
Dec 20, 2024 16:48:40.170329094 CET  443    49728  34.120.208.123  192.168.2.5
Dec 20, 2024 16:48:40.170578957 CET  49728  443    192.168.2.5     34.120.208.123
Dec 20, 2024 16:48:40.171886921 CET  49728  443    192.168.2.5     34.120.208.123
Dec 20, 2024 16:48:40.171902895 CET  443    49728  34.120.208.123  192.168.2.5
Dec 20, 2024 16:48:40.274044037 CET  80     49727  34.107.221.82   192.168.2.5
Dec 20, 2024 16:48:40.354038954 CET  80     49722  34.107.221.82   192.168.2.5
Dec 20, 2024 16:48:40.411716938 CET  49722  80     192.168.2.5     34.107.221.82
Dec 20, 2024 16:48:40.713004112 CET  443    49726  34.117.188.166  192.168.2.5
Dec 20, 2024 16:48:40.713021994 CET  443    49726  34.117.188.166  192.168.2.5
Dec 20, 2024 16:48:40.726233006 CET  49726  443    192.168.2.5     34.117.188.166
Dec 20, 2024 16:48:40.730777025 CET  49726  443    192.168.2.5     34.117.188.166
Dec 20, 2024 16:48:40.730777025 CET  49726  443    192.168.2.5     34.117.188.166
Dec 20, 2024 16:48:40.730791092 CET  443    49726  34.117.188.166  192.168.2.5
Dec 20, 2024 16:48:40.731571913 CET  443    49726  34.117.188.166  192.168.2.5
Dec 20, 2024 16:48:40.731924057 CET  49726  443    192.168.2.5     34.117.188.166
Dec 20, 2024 16:48:41.243122101 CET  80     49727  34.107.221.82   192.168.2.5
Dec 20, 2024 16:48:41.293150902 CET  49727  80     192.168.2.5     34.107.221.82
Dec 20, 2024 16:48:41.388465881 CET  443    49728  34.120.208.123  192.168.2.5
Dec 20, 2024 16:48:41.393655062 CET  49728  443    192.168.2.5     34.120.208.123
Dec 20, 2024 16:48:41.404577017 CET  49728  443    192.168.2.5     34.120.208.123
Dec 20, 2024 16:48:41.404649973 CET  443    49728  34.120.208.123  192.168.2.5
Dec 20, 2024 16:48:41.404699087 CET  49728  443    192.168.2.5     34.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:41.404932976 CET4434972834.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:41.409956932 CET49728443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:41.450788021 CET4972780192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:41.451159954 CET4972280192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:41.570465088 CET804972734.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:41.570664883 CET804972234.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:41.584577084 CET49730443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:41.584670067 CET4434973034.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:41.594204903 CET49730443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:41.595875978 CET49730443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:41.595901012 CET4434973034.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:41.648082972 CET49731443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:41.648142099 CET4434973135.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:41.648325920 CET49731443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:41.648480892 CET49731443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:41.648499012 CET4434973135.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:41.765681982 CET804972734.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:41.765703917 CET804972234.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:41.772429943 CET4972780192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:41.813613892 CET4972280192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:41.889461994 CET49732443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:41.889560938 CET4434973234.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:41.890479088 CET49732443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:41.891974926 CET804972734.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:41.892724991 CET49732443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:41.892766953 CET4434973234.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:42.088465929 CET804972734.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:42.139076948 CET4972780192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:42.809761047 CET4434973034.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:42.809776068 CET4434973034.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:42.809853077 CET49730443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:42.816987038 CET49730443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:42.817013979 CET4434973034.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:42.817137957 CET49730443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:42.817140102 CET4434973034.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:42.817154884 CET4434973034.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:42.822168112 CET49730443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:42.859421968 CET4434973135.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:42.859507084 CET49731443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:42.863389015 CET49731443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:42.863410950 CET4434973135.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:42.863645077 CET4434973135.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:42.867578030 CET49731443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:42.867708921 CET4434973135.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:42.867723942 CET49731443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:42.867737055 CET4434973135.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:42.867762089 CET49731443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:43.118601084 CET4434973234.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:43.118680000 CET49732443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:43.167450905 CET49732443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:43.167474031 CET4434973234.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:43.167623043 CET49732443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:43.167828083 CET4434973234.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:43.168334007 CET49733443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:43.168396950 CET4434973334.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:43.168405056 CET49732443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:43.168617964 CET49733443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:43.170624018 CET49733443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:43.170644999 CET4434973334.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:44.384366035 CET4434973334.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:44.384460926 CET49733443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:44.391144037 CET49733443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:44.391175032 CET4434973334.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:44.391280890 CET49733443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:44.391452074 CET4434973334.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:44.393994093 CET49733443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:45.047293901 CET4972280192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:45.074242115 CET49734443192.168.2.534.107.243.93
Timestamp                           | Source Port | Dest Port | Source IP       | Dest IP
Dec 20, 2024 16:48:45.074309111 CET | 443         | 49734     | 34.107.243.93   | 192.168.2.5
Dec 20, 2024 16:48:45.080199957 CET | 49734       | 443       | 192.168.2.5     | 34.107.243.93
Dec 20, 2024 16:48:45.081851006 CET | 49734       | 443       | 192.168.2.5     | 34.107.243.93
Dec 20, 2024 16:48:45.081868887 CET | 443         | 49734     | 34.107.243.93   | 192.168.2.5
Dec 20, 2024 16:48:45.121835947 CET | 49735       | 443       | 192.168.2.5     | 34.149.100.209
Dec 20, 2024 16:48:45.121906996 CET | 443         | 49735     | 34.149.100.209  | 192.168.2.5
Dec 20, 2024 16:48:45.124002934 CET | 49736       | 443       | 192.168.2.5     | 34.120.208.123
Dec 20, 2024 16:48:45.124037981 CET | 443         | 49736     | 34.120.208.123  | 192.168.2.5
Dec 20, 2024 16:48:45.124258995 CET | 49737       | 443       | 192.168.2.5     | 34.120.208.123
Dec 20, 2024 16:48:45.124295950 CET | 443         | 49737     | 34.120.208.123  | 192.168.2.5
Dec 20, 2024 16:48:45.125320911 CET | 49735       | 443       | 192.168.2.5     | 34.149.100.209
Dec 20, 2024 16:48:45.125735044 CET | 49737       | 443       | 192.168.2.5     | 34.120.208.123
Dec 20, 2024 16:48:45.125737906 CET | 49736       | 443       | 192.168.2.5     | 34.120.208.123
Dec 20, 2024 16:48:45.127309084 CET | 49735       | 443       | 192.168.2.5     | 34.149.100.209
Dec 20, 2024 16:48:45.127348900 CET | 443         | 49735     | 34.149.100.209  | 192.168.2.5
Dec 20, 2024 16:48:45.127538919 CET | 49736       | 443       | 192.168.2.5     | 34.120.208.123
Dec 20, 2024 16:48:45.127568960 CET | 443         | 49736     | 34.120.208.123  | 192.168.2.5
Dec 20, 2024 16:48:45.127603054 CET | 49737       | 443       | 192.168.2.5     | 34.120.208.123
Dec 20, 2024 16:48:45.127613068 CET | 443         | 49737     | 34.120.208.123  | 192.168.2.5
Dec 20, 2024 16:48:45.166980982 CET | 80          | 49722     | 34.107.221.82   | 192.168.2.5
Dec 20, 2024 16:48:45.362723112 CET | 80          | 49722     | 34.107.221.82   | 192.168.2.5
Dec 20, 2024 16:48:45.414932966 CET | 49722       | 80        | 192.168.2.5     | 34.107.221.82
Dec 20, 2024 16:48:46.334891081 CET | 443         | 49734     | 34.107.243.93   | 192.168.2.5
Dec 20, 2024 16:48:46.335014105 CET | 49734       | 443       | 192.168.2.5     | 34.107.243.93
Dec 20, 2024 16:48:46.339225054 CET | 49734       | 443       | 192.168.2.5     | 34.107.243.93
Dec 20, 2024 16:48:46.339261055 CET | 443         | 49734     | 34.107.243.93   | 192.168.2.5
Dec 20, 2024 16:48:46.339344978 CET | 49734       | 443       | 192.168.2.5     | 34.107.243.93
Dec 20, 2024 16:48:46.339442015 CET | 443         | 49734     | 34.107.243.93   | 192.168.2.5
Dec 20, 2024 16:48:46.339636087 CET | 49734       | 443       | 192.168.2.5     | 34.107.243.93
Dec 20, 2024 16:48:46.344718933 CET | 443         | 49735     | 34.149.100.209  | 192.168.2.5
Dec 20, 2024 16:48:46.345076084 CET | 49735       | 443       | 192.168.2.5     | 34.149.100.209
Dec 20, 2024 16:48:46.346270084 CET | 443         | 49737     | 34.120.208.123  | 192.168.2.5
Dec 20, 2024 16:48:46.346792936 CET | 443         | 49736     | 34.120.208.123  | 192.168.2.5
Dec 20, 2024 16:48:46.348637104 CET | 49737       | 443       | 192.168.2.5     | 34.120.208.123
Dec 20, 2024 16:48:46.349776983 CET | 49736       | 443       | 192.168.2.5     | 34.120.208.123
Dec 20, 2024 16:48:46.351203918 CET | 49737       | 443       | 192.168.2.5     | 34.120.208.123
Dec 20, 2024 16:48:46.351217985 CET | 443         | 49737     | 34.120.208.123  | 192.168.2.5
Dec 20, 2024 16:48:46.351540089 CET | 443         | 49737     | 34.120.208.123  | 192.168.2.5
Dec 20, 2024 16:48:46.353305101 CET | 49736       | 443       | 192.168.2.5     | 34.120.208.123
Dec 20, 2024 16:48:46.353317022 CET | 443         | 49736     | 34.120.208.123  | 192.168.2.5
Dec 20, 2024 16:48:46.353374958 CET | 49735       | 443       | 192.168.2.5     | 34.149.100.209
Dec 20, 2024 16:48:46.353389025 CET | 443         | 49735     | 34.149.100.209  | 192.168.2.5
Dec 20, 2024 16:48:46.353534937 CET | 443         | 49735     | 34.149.100.209  | 192.168.2.5
Dec 20, 2024 16:48:46.353586912 CET | 443         | 49736     | 34.120.208.123  | 192.168.2.5
Dec 20, 2024 16:48:46.353684902 CET | 49735       | 443       | 192.168.2.5     | 34.149.100.209
Dec 20, 2024 16:48:46.353696108 CET | 443         | 49735     | 34.149.100.209  | 192.168.2.5
Dec 20, 2024 16:48:46.358006001 CET | 49737       | 443       | 192.168.2.5     | 34.120.208.123
Dec 20, 2024 16:48:46.358102083 CET | 49737       | 443       | 192.168.2.5     | 34.120.208.123
Dec 20, 2024 16:48:46.358227968 CET | 443         | 49737     | 34.120.208.123  | 192.168.2.5
Dec 20, 2024 16:48:46.359138966 CET | 49737       | 443       | 192.168.2.5     | 34.120.208.123
Dec 20, 2024 16:48:46.359353065 CET | 49736       | 443       | 192.168.2.5     | 34.120.208.123
Dec 20, 2024 16:48:46.359353065 CET | 49736       | 443       | 192.168.2.5     | 34.120.208.123
Dec 20, 2024 16:48:46.359519958 CET | 443         | 49736     | 34.120.208.123  | 192.168.2.5
Dec 20, 2024 16:48:46.360028982 CET | 49736       | 443       | 192.168.2.5     | 34.120.208.123
Dec 20, 2024 16:48:46.559331894 CET | 443         | 49735     | 34.149.100.209  | 192.168.2.5
Dec 20, 2024 16:48:46.559396029 CET | 49735       | 443       | 192.168.2.5     | 34.149.100.209
Dec 20, 2024 16:48:49.478676081 CET | 49742       | 443       | 192.168.2.5     | 34.120.208.123
Dec 20, 2024 16:48:49.478715897 CET | 443         | 49742     | 34.120.208.123  | 192.168.2.5
Dec 20, 2024 16:48:49.481026888 CET | 49742       | 443       | 192.168.2.5     | 34.120.208.123
Dec 20, 2024 16:48:49.482397079 CET | 49742       | 443       | 192.168.2.5     | 34.120.208.123
Dec 20, 2024 16:48:49.482420921 CET | 443         | 49742     | 34.120.208.123  | 192.168.2.5
Dec 20, 2024 16:48:49.882138014 CET | 49727       | 80        | 192.168.2.5     | 34.107.221.82
Dec 20, 2024 16:48:49.884742022 CET | 49744       | 443       | 192.168.2.5     | 34.120.208.123
Dec 20, 2024 16:48:49.884783983 CET | 443         | 49744     | 34.120.208.123  | 192.168.2.5
Dec 20, 2024 16:48:49.889309883 CET | 49744       | 443       | 192.168.2.5     | 34.120.208.123
Dec 20, 2024 16:48:49.889477015 CET | 49744       | 443       | 192.168.2.5     | 34.120.208.123
Dec 20, 2024 16:48:49.889487982 CET | 443         | 49744     | 34.120.208.123  | 192.168.2.5
Dec 20, 2024 16:48:50.001854897 CET | 80          | 49727     | 34.107.221.82   | 192.168.2.5
Dec 20, 2024 16:48:50.143356085 CET | 49722       | 80        | 192.168.2.5     | 34.107.221.82
Dec 20, 2024 16:48:50.200612068 CET | 80          | 49727     | 34.107.221.82   | 192.168.2.5
Dec 20, 2024 16:48:50.260804892 CET | 49727       | 80        | 192.168.2.5     | 34.107.221.82
Dec 20, 2024 16:48:50.265467882 CET | 80          | 49722     | 34.107.221.82   | 192.168.2.5
Dec 20, 2024 16:48:50.350564957 CET | 49750       | 443       | 192.168.2.5     | 34.120.208.123
Dec 20, 2024 16:48:50.350615025 CET | 443         | 49750     | 34.120.208.123  | 192.168.2.5
Dec 20, 2024 16:48:50.359117985 CET | 49750       | 443       | 192.168.2.5     | 34.120.208.123
Dec 20, 2024 16:48:50.359390020 CET | 49750       | 443       | 192.168.2.5     | 34.120.208.123
Dec 20, 2024 16:48:50.359402895 CET | 443         | 49750     | 34.120.208.123  | 192.168.2.5
Dec 20, 2024 16:48:50.487452030 CET | 80          | 49722     | 34.107.221.82   | 192.168.2.5
Dec 20, 2024 16:48:50.530436993 CET | 49722       | 80        | 192.168.2.5     | 34.107.221.82
Dec 20, 2024 16:48:50.713896990 CET | 443         | 49742     | 34.120.208.123  | 192.168.2.5
Dec 20, 2024 16:48:50.714001894 CET | 49742       | 443       | 192.168.2.5     | 34.120.208.123
Dec 20, 2024 16:48:50.718092918 CET | 49742       | 443       | 192.168.2.5     | 34.120.208.123
Dec 20, 2024 16:48:50.718092918 CET | 49742       | 443       | 192.168.2.5     | 34.120.208.123
Dec 20, 2024 16:48:50.718128920 CET | 443         | 49742     | 34.120.208.123  | 192.168.2.5
Dec 20, 2024 16:48:50.718365908 CET | 443         | 49742     | 34.120.208.123  | 192.168.2.5
Dec 20, 2024 16:48:50.718466043 CET | 49742       | 443       | 192.168.2.5     | 34.120.208.123
Dec 20, 2024 16:48:51.114989996 CET | 443         | 49744     | 34.120.208.123  | 192.168.2.5
Dec 20, 2024 16:48:51.115097046 CET | 49744       | 443       | 192.168.2.5     | 34.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:51.117945910 CET49744443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:51.117957115 CET4434974434.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:51.118350029 CET4434974434.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:51.120692015 CET49744443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:51.120812893 CET49744443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:51.120881081 CET4434974434.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:51.124768019 CET49744443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:51.575813055 CET4434975034.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:51.575829983 CET4434975034.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:51.575939894 CET49750443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:51.579384089 CET49750443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:51.579395056 CET4434975034.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:51.579663038 CET4434975034.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:51.582362890 CET49750443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:51.582453012 CET49750443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:51.582525969 CET4434975034.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:51.582621098 CET49750443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:52.022949934 CET4972780192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:52.127619028 CET4972280192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:52.129679918 CET49752443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:52.129774094 CET4434975234.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:52.130907059 CET49752443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:52.132436991 CET49752443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:52.132483006 CET4434975234.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:52.143393993 CET804972734.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:52.247241974 CET804972234.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:52.341672897 CET804972734.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:52.398443937 CET4972780192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:52.442840099 CET804972234.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:52.498883963 CET4972280192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:53.156416893 CET4972780192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:53.276186943 CET804972734.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:53.493659019 CET804972734.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:53.539556980 CET4972780192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:53.583179951 CET4434975234.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:53.583338022 CET49752443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:54.072704077 CET49752443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:54.072782040 CET4434975234.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:54.072824001 CET49752443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:54.073127985 CET4434975234.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:54.073232889 CET49752443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:54.870424032 CET4972280192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:54.990127087 CET804972234.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:55.186330080 CET804972234.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:55.244698048 CET4972280192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:55.706985950 CET49763443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:55.707039118 CET4434976334.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:55.707660913 CET49763443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:55.709414005 CET49763443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:55.709428072 CET4434976334.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:56.390667915 CET4972780192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:56.510564089 CET804972734.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:56.705360889 CET804972734.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:56.749177933 CET4972780192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:56.920836926 CET4434976334.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:56.927328110 CET4434976334.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:56.927542925 CET49763443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:56.933619976 CET49763443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:56.933634996 CET4434976334.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:56.933742046 CET49763443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:56.933809996 CET4434976334.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:56.935589075 CET49763443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:56.938806057 CET4972280192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:57.058432102 CET804972234.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:57.254199028 CET804972234.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:57.258538008 CET4972780192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:57.297442913 CET4972280192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:57.379055977 CET804972734.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:06.441859007 CET49796443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:06.441910982 CET4434979635.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:06.442182064 CET49796443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:06.442286015 CET49796443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:06.442302942 CET4434979635.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:06.444830894 CET49797443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:06.444932938 CET4434979735.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:06.445100069 CET49797443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:06.445183039 CET49797443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:06.445213079 CET4434979735.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:06.471786022 CET4434978935.201.103.21192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:06.477310896 CET49789443192.168.2.535.201.103.21
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:06.484131098 CET804972234.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:06.487786055 CET49789443192.168.2.535.201.103.21
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:06.487816095 CET4434978935.201.103.21192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:06.487965107 CET49789443192.168.2.535.201.103.21
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:06.488018990 CET4434978935.201.103.21192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:06.488178015 CET49789443192.168.2.535.201.103.21
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:06.488565922 CET49798443192.168.2.535.201.103.21
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:06.488604069 CET4434979835.201.103.21192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:06.488682032 CET49798443192.168.2.535.201.103.21
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:06.490115881 CET49798443192.168.2.535.201.103.21
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:06.490124941 CET4434979835.201.103.21192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:06.679657936 CET804972234.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:06.683906078 CET4972780192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:06.731344938 CET4972280192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:06.803949118 CET804972734.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:07.004527092 CET804972734.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:07.047913074 CET4972780192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:07.702967882 CET4434979535.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:07.703142881 CET49795443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:07.707360029 CET49795443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:07.707390070 CET4434979535.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:07.707756996 CET4434979535.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:07.710952044 CET49795443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:07.711075068 CET49795443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:07.711122036 CET4434979535.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:07.712956905 CET49795443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:07.716756105 CET4972280192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:07.727293015 CET4434979735.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:07.727392912 CET49797443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:07.729358912 CET4434979635.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:07.729500055 CET49796443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:07.730143070 CET49797443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:07.730154037 CET4434979735.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:07.731247902 CET4434979735.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:07.733475924 CET49796443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:07.733525991 CET4434979635.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:07.733834982 CET4434979635.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:07.737121105 CET49797443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:07.737243891 CET49797443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:07.737272978 CET4434979735.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:07.737611055 CET49796443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:07.737689018 CET49796443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:07.737771034 CET4434979635.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:07.738100052 CET49797443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:07.738111973 CET49796443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:07.772290945 CET4434979835.201.103.21192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:07.772403955 CET49798443192.168.2.535.201.103.21
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:07.778331995 CET49798443192.168.2.535.201.103.21
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:07.778357029 CET4434979835.201.103.21192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:07.778434992 CET49798443192.168.2.535.201.103.21
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:07.778600931 CET4434979835.201.103.21192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:07.779524088 CET49798443192.168.2.535.201.103.21
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:07.793668032 CET49804443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:07.793741941 CET4434980434.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:07.793883085 CET49804443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:07.794334888 CET49804443192.168.2.534.149.100.209
Timestamp  Source Port  Dest Port  Source IP  Dest IP
Dec 20, 2024 16:49:07.794362068 CET  443  49804  34.149.100.209  192.168.2.5
Dec 20, 2024 16:49:07.836378098 CET  80  49722  34.107.221.82  192.168.2.5
Dec 20, 2024 16:49:08.032320976 CET  80  49722  34.107.221.82  192.168.2.5
Dec 20, 2024 16:49:08.036917925 CET  49727  80  192.168.2.5  34.107.221.82
Dec 20, 2024 16:49:08.082226992 CET  49722  80  192.168.2.5  34.107.221.82
Dec 20, 2024 16:49:08.156554937 CET  80  49727  34.107.221.82  192.168.2.5
Dec 20, 2024 16:49:08.352323055 CET  80  49727  34.107.221.82  192.168.2.5
Dec 20, 2024 16:49:08.405364990 CET  49727  80  192.168.2.5  34.107.221.82
Dec 20, 2024 16:49:09.018934965 CET  443  49804  34.149.100.209  192.168.2.5
Dec 20, 2024 16:49:09.019038916 CET  49804  443  192.168.2.5  34.149.100.209
Dec 20, 2024 16:49:09.023194075 CET  49804  443  192.168.2.5  34.149.100.209
Dec 20, 2024 16:49:09.023205996 CET  443  49804  34.149.100.209  192.168.2.5
Dec 20, 2024 16:49:09.023454905 CET  443  49804  34.149.100.209  192.168.2.5
Dec 20, 2024 16:49:09.026729107 CET  49804  443  192.168.2.5  34.149.100.209
Dec 20, 2024 16:49:09.026863098 CET  443  49804  34.149.100.209  192.168.2.5
Dec 20, 2024 16:49:09.026879072 CET  49804  443  192.168.2.5  34.149.100.209
Dec 20, 2024 16:49:09.026890993 CET  443  49804  34.149.100.209  192.168.2.5
Dec 20, 2024 16:49:09.027255058 CET  49804  443  192.168.2.5  34.149.100.209
Dec 20, 2024 16:49:09.030342102 CET  49722  80  192.168.2.5  34.107.221.82
Dec 20, 2024 16:49:09.150074005 CET  80  49722  34.107.221.82  192.168.2.5
Dec 20, 2024 16:49:09.345506907 CET  80  49722  34.107.221.82  192.168.2.5
Dec 20, 2024 16:49:09.349013090 CET  49727  80  192.168.2.5  34.107.221.82
Dec 20, 2024 16:49:09.386220932 CET  49722  80  192.168.2.5  34.107.221.82
Dec 20, 2024 16:49:09.468699932 CET  80  49727  34.107.221.82  192.168.2.5
Dec 20, 2024 16:49:09.663789034 CET  80  49727  34.107.221.82  192.168.2.5
Dec 20, 2024 16:49:09.709340096 CET  49727  80  192.168.2.5  34.107.221.82
Dec 20, 2024 16:49:19.352303982 CET  49722  80  192.168.2.5  34.107.221.82
Dec 20, 2024 16:49:19.472727060 CET  80  49722  34.107.221.82  192.168.2.5
Dec 20, 2024 16:49:19.668920040 CET  49727  80  192.168.2.5  34.107.221.82
Dec 20, 2024 16:49:19.788599968 CET  80  49727  34.107.221.82  192.168.2.5
Dec 20, 2024 16:49:21.348484993 CET  49836  443  192.168.2.5  34.107.243.93
Dec 20, 2024 16:49:21.348525047 CET  443  49836  34.107.243.93  192.168.2.5
Dec 20, 2024 16:49:21.348841906 CET  49836  443  192.168.2.5  34.107.243.93
Dec 20, 2024 16:49:21.350332975 CET  49836  443  192.168.2.5  34.107.243.93
Dec 20, 2024 16:49:21.350349903 CET  443  49836  34.107.243.93  192.168.2.5
Dec 20, 2024 16:49:22.569662094 CET  443  49836  34.107.243.93  192.168.2.5
Dec 20, 2024 16:49:22.569983959 CET  49836  443  192.168.2.5  34.107.243.93
Dec 20, 2024 16:49:22.575107098 CET  49836  443  192.168.2.5  34.107.243.93
Dec 20, 2024 16:49:22.575119019 CET  443  49836  34.107.243.93  192.168.2.5
Dec 20, 2024 16:49:22.575236082 CET  49836  443  192.168.2.5  34.107.243.93
Dec 20, 2024 16:49:22.575372934 CET  443  49836  34.107.243.93  192.168.2.5
Dec 20, 2024 16:49:22.576951981 CET  49836  443  192.168.2.5  34.107.243.93
Dec 20, 2024 16:49:22.579224110 CET  49722  80  192.168.2.5  34.107.221.82
Dec 20, 2024 16:49:22.698736906 CET  80  49722  34.107.221.82  192.168.2.5
Dec 20, 2024 16:49:22.894365072 CET  80  49722  34.107.221.82  192.168.2.5
Dec 20, 2024 16:49:22.900373936 CET  49727  80  192.168.2.5  34.107.221.82
Dec 20, 2024 16:49:22.947364092 CET  49722  80  192.168.2.5  34.107.221.82
Dec 20, 2024 16:49:23.020078897 CET  80  49727  34.107.221.82  192.168.2.5
Dec 20, 2024 16:49:23.215476036 CET  80  49727  34.107.221.82  192.168.2.5
Dec 20, 2024 16:49:23.279376984 CET  49727  80  192.168.2.5  34.107.221.82
Dec 20, 2024 16:49:32.535912991 CET  49722  80  192.168.2.5  34.107.221.82
Dec 20, 2024 16:49:32.655410051 CET  80  49722  34.107.221.82  192.168.2.5
Dec 20, 2024 16:49:32.850680113 CET  80  49722  34.107.221.82  192.168.2.5
Dec 20, 2024 16:49:32.854104996 CET  49727  80  192.168.2.5  34.107.221.82
Dec 20, 2024 16:49:32.891897917 CET  49722  80  192.168.2.5  34.107.221.82
Dec 20, 2024 16:49:32.975770950 CET  80  49727  34.107.221.82  192.168.2.5
Dec 20, 2024 16:49:33.171278000 CET  80  49727  34.107.221.82  192.168.2.5
Dec 20, 2024 16:49:33.224107981 CET  49727  80  192.168.2.5  34.107.221.82
Dec 20, 2024 16:49:33.664833069 CET  49864  443  192.168.2.5  34.120.208.123
Dec 20, 2024 16:49:33.664885998 CET  443  49864  34.120.208.123  192.168.2.5
Dec 20, 2024 16:49:33.665874958 CET  49864  443  192.168.2.5  34.120.208.123
Dec 20, 2024 16:49:33.666045904 CET  49864  443  192.168.2.5  34.120.208.123
Dec 20, 2024 16:49:33.666063070 CET  443  49864  34.120.208.123  192.168.2.5
Dec 20, 2024 16:49:33.666953087 CET  49865  443  192.168.2.5  34.120.208.123
Dec 20, 2024 16:49:33.666987896 CET  443  49865  34.120.208.123  192.168.2.5
Dec 20, 2024 16:49:33.678621054 CET  49865  443  192.168.2.5  34.120.208.123
Dec 20, 2024 16:49:33.678878069 CET  49865  443  192.168.2.5  34.120.208.123
Dec 20, 2024 16:49:33.678891897 CET  443  49865  34.120.208.123  192.168.2.5
Dec 20, 2024 16:49:34.882519007 CET  443  49864  34.120.208.123  192.168.2.5
Dec 20, 2024 16:49:34.882756948 CET  49864  443  192.168.2.5  34.120.208.123
Dec 20, 2024 16:49:34.885953903 CET  49864  443  192.168.2.5  34.120.208.123
Dec 20, 2024 16:49:34.885967970 CET  443  49864  34.120.208.123  192.168.2.5
Dec 20, 2024 16:49:34.886223078 CET  443  49864  34.120.208.123  192.168.2.5
Dec 20, 2024 16:49:34.888484955 CET  49864  443  192.168.2.5  34.120.208.123
Dec 20, 2024 16:49:34.888618946 CET  49864  443  192.168.2.5  34.120.208.123
Dec 20, 2024 16:49:34.888631105 CET  443  49864  34.120.208.123  192.168.2.5
Dec 20, 2024 16:49:34.888835907 CET  49864  443  192.168.2.5  34.120.208.123
Dec 20, 2024 16:49:34.890784025 CET  443  49865  34.120.208.123  192.168.2.5
Dec 20, 2024 16:49:34.890789986 CET  443  49865  34.120.208.123  192.168.2.5
Dec 20, 2024 16:49:34.892975092 CET  49722  80  192.168.2.5  34.107.221.82
Dec 20, 2024 16:49:34.893718958 CET  49865  443  192.168.2.5  34.120.208.123
Dec 20, 2024 16:49:34.896790981 CET  49865  443  192.168.2.5  34.120.208.123
Dec 20, 2024 16:49:34.896797895 CET  443  49865  34.120.208.123  192.168.2.5
Dec 20, 2024 16:49:34.897046089 CET  443  49865  34.120.208.123  192.168.2.5
Dec 20, 2024 16:49:34.899429083 CET  49865  443  192.168.2.5  34.120.208.123
Dec 20, 2024 16:49:34.899555922 CET  49865  443  192.168.2.5  34.120.208.123
Dec 20, 2024 16:49:34.899647951 CET  443  49865  34.120.208.123  192.168.2.5
Dec 20, 2024 16:49:34.899732113 CET  49865  443  192.168.2.5  34.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:35.012518883 CET804972234.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:35.207672119 CET804972234.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:35.213170052 CET4972780192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:35.261209011 CET4972280192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:35.333002090 CET804972734.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:35.528573036 CET804972734.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:35.584362030 CET4972780192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:45.212030888 CET4972280192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:45.331593037 CET804972234.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:45.544254065 CET4972780192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:45.663819075 CET804972734.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:55.356622934 CET4972280192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:55.476301908 CET804972234.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:55.673044920 CET4972780192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:55.792737007 CET804972734.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:50:02.812644005 CET49935443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:50:02.812680006 CET4434993534.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:50:02.813730001 CET49935443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:50:02.815340996 CET49935443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:50:02.815351009 CET4434993534.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:50:04.053172112 CET4434993534.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:50:04.053272009 CET49935443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:50:04.058578968 CET49935443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:50:04.058588028 CET4434993534.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:50:04.058734894 CET49935443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:50:04.058806896 CET4434993534.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:50:04.059675932 CET49935443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:50:04.061883926 CET4972280192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:50:04.181435108 CET804972234.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:50:04.477468967 CET804972234.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:50:04.482446909 CET4972780192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:50:04.530008078 CET4972280192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:50:04.601927042 CET804972734.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:50:04.797243118 CET804972734.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:50:04.846570015 CET4972780192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:50:14.495517969 CET4972280192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:50:14.615113020 CET804972234.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:50:14.812112093 CET4972780192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:50:14.931626081 CET804972734.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:50:24.624931097 CET4972280192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:50:24.750988960 CET804972234.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:50:24.940980911 CET4972780192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:50:25.060935020 CET804972734.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:50:34.756980896 CET4972280192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:50:34.876507998 CET804972234.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:50:35.073530912 CET4972780192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:50:35.194210052 CET804972734.107.221.82192.168.2.5
Timestamp                            Source Port  Dest Port  Source IP        Dest IP
Dec 20, 2024 16:48:34.862296104 CET  55167        53         192.168.2.5      1.1.1.1
Dec 20, 2024 16:48:35.002150059 CET  53           55167      1.1.1.1          192.168.2.5
Dec 20, 2024 16:48:35.003201962 CET  59768        53         192.168.2.5      1.1.1.1
Dec 20, 2024 16:48:35.142349958 CET  53           59768      1.1.1.1          192.168.2.5
Dec 20, 2024 16:48:35.341845036 CET  64697        53         192.168.2.5      1.1.1.1
Dec 20, 2024 16:48:35.342261076 CET  57704        53         192.168.2.5      1.1.1.1
Dec 20, 2024 16:48:35.480633020 CET  53           64697      1.1.1.1          192.168.2.5
Dec 20, 2024 16:48:35.528558969 CET  62264        53         192.168.2.5      1.1.1.1
Dec 20, 2024 16:48:35.543344021 CET  53952        53         192.168.2.5      1.1.1.1
Dec 20, 2024 16:48:35.665765047 CET  53           62264      1.1.1.1          192.168.2.5
Dec 20, 2024 16:48:35.666416883 CET  50518        53         192.168.2.5      1.1.1.1
Dec 20, 2024 16:48:35.682539940 CET  53           53952      1.1.1.1          192.168.2.5
Dec 20, 2024 16:48:35.703834057 CET  59498        53         192.168.2.5      1.1.1.1
Dec 20, 2024 16:48:35.803570032 CET  53           50518      1.1.1.1          192.168.2.5
Dec 20, 2024 16:48:35.841021061 CET  53           59498      1.1.1.1          192.168.2.5
Dec 20, 2024 16:48:36.127945900 CET  52158        53         192.168.2.5      1.1.1.1
Dec 20, 2024 16:48:36.128539085 CET  59274        53         192.168.2.5      1.1.1.1
Dec 20, 2024 16:48:36.267566919 CET  53           59274      1.1.1.1          192.168.2.5
Dec 20, 2024 16:48:36.268174887 CET  53           52158      1.1.1.1          192.168.2.5
Dec 20, 2024 16:48:36.273181915 CET  63518        53         192.168.2.5      1.1.1.1
Dec 20, 2024 16:48:36.273322105 CET  50114        53         192.168.2.5      1.1.1.1
Dec 20, 2024 16:48:36.274173975 CET  54033        53         192.168.2.5      1.1.1.1
Dec 20, 2024 16:48:36.410027981 CET  53           63518      1.1.1.1          192.168.2.5
Dec 20, 2024 16:48:36.410617113 CET  53           50114      1.1.1.1          192.168.2.5
Dec 20, 2024 16:48:36.410949945 CET  64726        53         192.168.2.5      1.1.1.1
Dec 20, 2024 16:48:36.411439896 CET  55266        53         192.168.2.5      1.1.1.1
Dec 20, 2024 16:48:36.414230108 CET  53           54033      1.1.1.1          192.168.2.5
Dec 20, 2024 16:48:36.414797068 CET  60009        53         192.168.2.5      1.1.1.1
Dec 20, 2024 16:48:36.463516951 CET  54892        53         192.168.2.5      1.1.1.1
Dec 20, 2024 16:48:36.498058081 CET  51734        53         192.168.2.5      1.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:36.548300028 CET53647261.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:36.549221992 CET53552661.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:36.552237988 CET53600091.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:36.637980938 CET53517341.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:36.639214993 CET5947553192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:36.777131081 CET53594751.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:36.777873993 CET5060353192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:36.800905943 CET6289853192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:36.804071903 CET4983353192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:36.883703947 CET5317053192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:36.914712906 CET53506031.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:36.939450979 CET53628981.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:36.941308975 CET53498331.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:37.039974928 CET53582771.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:38.206197023 CET5098353192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:38.346128941 CET53509831.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:38.348368883 CET6314453192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:38.437427998 CET6510853192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:38.488065004 CET53631441.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:38.489815950 CET5996053192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:38.575881004 CET53651081.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:38.577370882 CET5518353192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:38.628751993 CET53599601.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:38.714637995 CET53551831.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:41.455578089 CET5527853192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:41.593081951 CET53552781.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:41.647770882 CET5666453192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:41.744220018 CET6462453192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:41.788511038 CET53566641.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:41.809900045 CET5219953192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:41.885499001 CET53646241.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:41.890269041 CET6302453192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:41.947082996 CET53521991.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:41.948148012 CET5127153192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:42.027393103 CET53630241.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:42.028389931 CET6546853192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:42.086196899 CET53512711.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:42.169315100 CET53654681.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:45.073035955 CET5369953192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:45.125106096 CET6360053192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:45.211070061 CET53536991.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:45.262290955 CET53636001.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:49.483064890 CET5686053192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:49.483376980 CET5752153192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:49.483648062 CET5204353192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:49.620348930 CET53568601.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:49.620872974 CET53520431.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:49.622831106 CET53575211.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:49.879455090 CET5677453192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:49.880093098 CET6012153192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:49.880310059 CET5503753192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:50.018006086 CET53567741.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:50.018196106 CET53550371.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:50.018834114 CET6091053192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:50.019414902 CET53601211.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:50.019433975 CET5181253192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:50.019944906 CET5735753192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:50.156676054 CET53609101.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:50.157001972 CET53518121.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:50.157336950 CET53573571.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:50.157644987 CET5808653192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:50.158041954 CET6257953192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:50.159161091 CET5520853192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:50.296268940 CET53625791.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:50.296550989 CET53580861.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:50.297050953 CET6094953192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:50.297548056 CET5256353192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:50.297915936 CET53552081.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:50.441354036 CET53609491.1.1.1192.168.2.5
Dec 20, 2024 16:48:50.441369057 CET | 53 | 52563 | 1.1.1.1 | 192.168.2.5
Dec 20, 2024 16:48:50.442126036 CET | 60456 | 53 | 192.168.2.5 | 1.1.1.1
Dec 20, 2024 16:48:50.442219019 CET | 63139 | 53 | 192.168.2.5 | 1.1.1.1
Dec 20, 2024 16:48:50.578934908 CET | 53 | 60456 | 1.1.1.1 | 192.168.2.5
Dec 20, 2024 16:48:50.581208944 CET | 53 | 63139 | 1.1.1.1 | 192.168.2.5
Dec 20, 2024 16:48:59.980849028 CET | 61162 | 53 | 192.168.2.5 | 1.1.1.1
Dec 20, 2024 16:49:00.118757963 CET | 53 | 61162 | 1.1.1.1 | 192.168.2.5
Dec 20, 2024 16:49:05.044126987 CET | 49517 | 53 | 192.168.2.5 | 1.1.1.1
Dec 20, 2024 16:49:05.069726944 CET | 62196 | 53 | 192.168.2.5 | 1.1.1.1
Dec 20, 2024 16:49:05.111444950 CET | 55834 | 53 | 192.168.2.5 | 1.1.1.1
Dec 20, 2024 16:49:05.182560921 CET | 53 | 49517 | 1.1.1.1 | 192.168.2.5
Dec 20, 2024 16:49:05.187663078 CET | 51188 | 53 | 192.168.2.5 | 1.1.1.1
Dec 20, 2024 16:49:05.207770109 CET | 53 | 62196 | 1.1.1.1 | 192.168.2.5
Dec 20, 2024 16:49:05.209517956 CET | 58136 | 53 | 192.168.2.5 | 1.1.1.1
Dec 20, 2024 16:49:05.249037027 CET | 53 | 55834 | 1.1.1.1 | 192.168.2.5
Dec 20, 2024 16:49:05.250618935 CET | 59844 | 53 | 192.168.2.5 | 1.1.1.1
Dec 20, 2024 16:49:05.324836969 CET | 53 | 51188 | 1.1.1.1 | 192.168.2.5
Dec 20, 2024 16:49:05.346802950 CET | 53 | 58136 | 1.1.1.1 | 192.168.2.5
Dec 20, 2024 16:49:05.347714901 CET | 59576 | 53 | 192.168.2.5 | 1.1.1.1
Dec 20, 2024 16:49:05.395390034 CET | 53 | 59844 | 1.1.1.1 | 192.168.2.5
Dec 20, 2024 16:49:05.397551060 CET | 50223 | 53 | 192.168.2.5 | 1.1.1.1
Dec 20, 2024 16:49:05.495927095 CET | 53 | 59576 | 1.1.1.1 | 192.168.2.5
Dec 20, 2024 16:49:05.536914110 CET | 53 | 50223 | 1.1.1.1 | 192.168.2.5
Dec 20, 2024 16:49:21.348687887 CET | 60394 | 53 | 192.168.2.5 | 1.1.1.1
Dec 20, 2024 16:49:21.486051083 CET | 53 | 60394 | 1.1.1.1 | 192.168.2.5
Dec 20, 2024 16:49:22.579065084 CET | 52408 | 53 | 192.168.2.5 | 1.1.1.1
Dec 20, 2024 16:49:33.665327072 CET | 64869 | 53 | 192.168.2.5 | 1.1.1.1
Dec 20, 2024 16:49:33.802290916 CET | 53 | 64869 | 1.1.1.1 | 192.168.2.5
Dec 20, 2024 16:50:02.666197062 CET | 59846 | 53 | 192.168.2.5 | 1.1.1.1
Dec 20, 2024 16:50:02.803502083 CET | 53 | 59846 | 1.1.1.1 | 192.168.2.5
Dec 20, 2024 16:50:02.813620090 CET | 60596 | 53 | 192.168.2.5 | 1.1.1.1
Dec 20, 2024 16:50:02.951807976 CET | 53 | 60596 | 1.1.1.1 | 192.168.2.5
Dec 20, 2024 16:50:04.062169075 CET | 64179 | 53 | 192.168.2.5 | 1.1.1.1
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 20, 2024 16:48:34.862296104 CET | 192.168.2.5 | 1.1.1.1 | 0xff7e | Standard query (0) | prod.classify-client.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:35.003201962 CET | 192.168.2.5 | 1.1.1.1 | 0xc4e0 | Standard query (0) | prod.classify-client.prod.webservices.mozgcp.net | 28 | IN (0x0001) | false
Dec 20, 2024 16:48:35.341845036 CET | 192.168.2.5 | 1.1.1.1 | 0x2453 | Standard query (0) | youtube.com | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:35.342261076 CET | 192.168.2.5 | 1.1.1.1 | 0x8c44 | Standard query (0) | detectportal.firefox.com | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:35.528558969 CET | 192.168.2.5 | 1.1.1.1 | 0x713d | Standard query (0) | youtube.com | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:35.543344021 CET | 192.168.2.5 | 1.1.1.1 | 0xfd1d | Standard query (0) | prod.detectportal.prod.cloudops.mozgcp.net | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:35.666416883 CET | 192.168.2.5 | 1.1.1.1 | 0xb9fd | Standard query (0) | youtube.com | 28 | IN (0x0001) | false
Dec 20, 2024 16:48:35.703834057 CET | 192.168.2.5 | 1.1.1.1 | 0x66fa | Standard query (0) | prod.detectportal.prod.cloudops.mozgcp.net | 28 | IN (0x0001) | false
Dec 20, 2024 16:48:36.127945900 CET | 192.168.2.5 | 1.1.1.1 | 0xcad6 | Standard query (0) | contile.services.mozilla.com | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:36.128539085 CET | 192.168.2.5 | 1.1.1.1 | 0x8891 | Standard query (0) | spocs.getpocket.com | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:36.273181915 CET | 192.168.2.5 | 1.1.1.1 | 0xc365 | Standard query (0) | prod.balrog.prod.cloudops.mozgcp.net | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:36.273322105 CET | 192.168.2.5 | 1.1.1.1 | 0x742a | Standard query (0) | prod.ads.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:36.274173975 CET | 192.168.2.5 | 1.1.1.1 | 0xbe47 | Standard query (0) | contile.services.mozilla.com | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:36.410949945 CET | 192.168.2.5 | 1.1.1.1 | 0x5bd1 | Standard query (0) | prod.balrog.prod.cloudops.mozgcp.net | 28 | IN (0x0001) | false
Dec 20, 2024 16:48:36.411439896 CET | 192.168.2.5 | 1.1.1.1 | 0x39a3 | Standard query (0) | prod.ads.prod.webservices.mozgcp.net | 28 | IN (0x0001) | false
Dec 20, 2024 16:48:36.414797068 CET | 192.168.2.5 | 1.1.1.1 | 0xb581 | Standard query (0) | contile.services.mozilla.com | 28 | IN (0x0001) | false
Dec 20, 2024 16:48:36.463516951 CET | 192.168.2.5 | 1.1.1.1 | 0xe2a2 | Standard query (0) | shavar.services.mozilla.com | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:36.498058081 CET | 192.168.2.5 | 1.1.1.1 | 0x8e24 | Standard query (0) | push.services.mozilla.com | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:36.639214993 CET | 192.168.2.5 | 1.1.1.1 | 0x4d7c | Standard query (0) | push.services.mozilla.com | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:36.777873993 CET | 192.168.2.5 | 1.1.1.1 | 0x327 | Standard query (0) | push.services.mozilla.com | 28 | IN (0x0001) | false
Dec 20, 2024 16:48:36.800905943 CET | 192.168.2.5 | 1.1.1.1 | 0x2c41 | Standard query (0) | example.org | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:36.804071903 CET | 192.168.2.5 | 1.1.1.1 | 0x1a5 | Standard query (0) | ipv4only.arpa | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:36.883703947 CET | 192.168.2.5 | 1.1.1.1 | 0x95f0 | Standard query (0) | detectportal.firefox.com | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:38.206197023 CET | 192.168.2.5 | 1.1.1.1 | 0x9884 | Standard query (0) | content-signature-2.cdn.mozilla.net | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:38.348368883 CET | 192.168.2.5 | 1.1.1.1 | 0x1737 | Standard query (0) | prod.content-signature-chains.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:38.437427998 CET | 192.168.2.5 | 1.1.1.1 | 0x7698 | Standard query (0) | telemetry-incoming.r53-2.services.mozilla.com | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:38.489815950 CET | 192.168.2.5 | 1.1.1.1 | 0x2834 | Standard query (0) | prod.content-signature-chains.prod.webservices.mozgcp.net | 28 | IN (0x0001) | false
Dec 20, 2024 16:48:38.577370882 CET | 192.168.2.5 | 1.1.1.1 | 0xea50 | Standard query (0) | telemetry-incoming.r53-2.services.mozilla.com | 28 | IN (0x0001) | false
Dec 20, 2024 16:48:41.455578089 CET | 192.168.2.5 | 1.1.1.1 | 0x4499 | Standard query (0) | prod.balrog.prod.cloudops.mozgcp.net | 28 | IN (0x0001) | false
Dec 20, 2024 16:48:41.647770882 CET | 192.168.2.5 | 1.1.1.1 | 0xb1e0 | Standard query (0) | support.mozilla.org | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:41.744220018 CET | 192.168.2.5 | 1.1.1.1 | 0xef37 | Standard query (0) | firefox.settings.services.mozilla.com | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:41.809900045 CET | 192.168.2.5 | 1.1.1.1 | 0x9c02 | Standard query (0) | us-west1.prod.sumo.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:41.890269041 CET | 192.168.2.5 | 1.1.1.1 | 0x47d5 | Standard query (0) | prod.remote-settings.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:41.948148012 CET | 192.168.2.5 | 1.1.1.1 | 0x4742 | Standard query (0) | us-west1.prod.sumo.prod.webservices.mozgcp.net | 28 | IN (0x0001) | false
Dec 20, 2024 16:48:42.028389931 CET | 192.168.2.5 | 1.1.1.1 | 0xc8af | Standard query (0) | prod.remote-settings.prod.webservices.mozgcp.net | 28 | IN (0x0001) | false
Dec 20, 2024 16:48:45.073035955 CET | 192.168.2.5 | 1.1.1.1 | 0x2c4d | Standard query (0) | push.services.mozilla.com | 28 | IN (0x0001) | false
Dec 20, 2024 16:48:45.125106096 CET | 192.168.2.5 | 1.1.1.1 | 0x7e91 | Standard query (0) | telemetry-incoming.r53-2.services.mozilla.com | 28 | IN (0x0001) | false
Dec 20, 2024 16:48:49.483064890 CET | 192.168.2.5 | 1.1.1.1 | 0x24db | Standard query (0) | www.youtube.com | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:49.483376980 CET | 192.168.2.5 | 1.1.1.1 | 0x941c | Standard query (0) | www.facebook.com | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:49.483648062 CET | 192.168.2.5 | 1.1.1.1 | 0x2fe5 | Standard query (0) | www.wikipedia.org | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:49.879455090 CET | 192.168.2.5 | 1.1.1.1 | 0x68fa | Standard query (0) | youtube-ui.l.google.com | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:49.880093098 CET | 192.168.2.5 | 1.1.1.1 | 0xae69 | Standard query (0) | dyna.wikimedia.org | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:49.880310059 CET | 192.168.2.5 | 1.1.1.1 | 0x8e3d | Standard query (0) | star-mini.c10r.facebook.com | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:50.018834114 CET | 192.168.2.5 | 1.1.1.1 | 0xa514 | Standard query (0) | youtube-ui.l.google.com | 28 | IN (0x0001) | false
Dec 20, 2024 16:48:50.019433975 CET | 192.168.2.5 | 1.1.1.1 | 0x86a2 | Standard query (0) | star-mini.c10r.facebook.com | 28 | IN (0x0001) | false
Dec 20, 2024 16:48:50.019944906 CET | 192.168.2.5 | 1.1.1.1 | 0x88de | Standard query (0) | dyna.wikimedia.org | 28 | IN (0x0001) | false
Dec 20, 2024 16:48:50.157644987 CET | 192.168.2.5 | 1.1.1.1 | 0x8e13 | Standard query (0) | www.reddit.com | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:50.158041954 CET192.168.2.51.1.1.10x7645Standard query (0)twitter.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:50.159161091 CET192.168.2.51.1.1.10xf3aeStandard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:50.297050953 CET192.168.2.51.1.1.10x22abStandard query (0)twitter.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:50.297548056 CET192.168.2.51.1.1.10xb964Standard query (0)reddit.map.fastly.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:50.442126036 CET192.168.2.51.1.1.10xb06dStandard query (0)twitter.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:50.442219019 CET192.168.2.51.1.1.10x4513Standard query (0)reddit.map.fastly.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:59.980849028 CET192.168.2.51.1.1.10xf539Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:05.044126987 CET192.168.2.51.1.1.10xa4e6Standard query (0)prod.balrog.prod.cloudops.mozgcp.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:05.069726944 CET192.168.2.51.1.1.10x8cd9Standard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:05.111444950 CET192.168.2.51.1.1.10xf56dStandard query (0)normandy.cdn.mozilla.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:05.187663078 CET192.168.2.51.1.1.10xcee1Standard query (0)prod.balrog.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:05.209517956 CET192.168.2.51.1.1.10x6171Standard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:05.250618935 CET192.168.2.51.1.1.10xadabStandard query (0)normandy-cdn.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:05.347714901 CET192.168.2.51.1.1.10xc55aStandard query (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:05.397551060 CET192.168.2.51.1.1.10xd1e3Standard query (0)normandy-cdn.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:21.348687887 CET192.168.2.51.1.1.10xaf8eStandard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:22.579065084 CET192.168.2.51.1.1.10x9c0Standard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:33.665327072 CET192.168.2.51.1.1.10xa747Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:50:02.666197062 CET192.168.2.51.1.1.10x9ba8Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:50:02.813620090 CET192.168.2.51.1.1.10x422bStandard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:50:04.062169075 CET192.168.2.51.1.1.10xe795Standard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:34.830507994 CET1.1.1.1192.168.2.50x9021No error (0)prod.classify-client.prod.webservices.mozgcp.net35.190.72.216A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:35.002150059 CET1.1.1.1192.168.2.50xff7eNo error (0)prod.classify-client.prod.webservices.mozgcp.net35.190.72.216A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:35.480633020 CET1.1.1.1192.168.2.50x2453No error (0)youtube.com142.250.181.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:35.480664968 CET1.1.1.1192.168.2.50x8c44No error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:35.480664968 CET1.1.1.1192.168.2.50x8c44No error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:35.665765047 CET1.1.1.1192.168.2.50x713dNo error (0)youtube.com142.250.181.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:35.682539940 CET1.1.1.1192.168.2.50xfd1dNo error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:35.803570032 CET1.1.1.1192.168.2.50xb9fdNo error (0)youtube.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:35.841021061 CET1.1.1.1192.168.2.50x66faNo error (0)prod.detectportal.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:36.266927004 CET1.1.1.1192.168.2.50xe175No error (0)balrog-aus5.r53-2.services.mozilla.comprod.balrog.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:36.266927004 CET1.1.1.1192.168.2.50xe175No error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:36.267566919 CET1.1.1.1192.168.2.50x8891No error (0)spocs.getpocket.comprod.ads.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:36.267566919 CET1.1.1.1192.168.2.50x8891No error (0)prod.ads.prod.webservices.mozgcp.net34.117.188.166A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:36.268174887 CET1.1.1.1192.168.2.50xcad6No error (0)contile.services.mozilla.com34.117.188.166A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:36.410027981 CET1.1.1.1192.168.2.50xc365No error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:36.410617113 CET1.1.1.1192.168.2.50x742aNo error (0)prod.ads.prod.webservices.mozgcp.net34.117.188.166A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:36.414230108 CET1.1.1.1192.168.2.50xbe47No error (0)contile.services.mozilla.com34.117.188.166A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:36.602596998 CET1.1.1.1192.168.2.50xe2a2No error (0)shavar.services.mozilla.comshavar.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:36.637980938 CET1.1.1.1192.168.2.50x8e24No error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:36.777131081 CET1.1.1.1192.168.2.50x4d7cNo error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:36.939450979 CET1.1.1.1192.168.2.50x2c41No error (0)example.org93.184.215.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:36.941308975 CET1.1.1.1192.168.2.50x1a5No error (0)ipv4only.arpa192.0.0.170A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:36.941308975 CET1.1.1.1192.168.2.50x1a5No error (0)ipv4only.arpa192.0.0.171A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:37.020895004 CET1.1.1.1192.168.2.50x95f0No error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:37.020895004 CET1.1.1.1192.168.2.50x95f0No error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:38.346128941 CET1.1.1.1192.168.2.50x9884No error (0)content-signature-2.cdn.mozilla.netcontent-signature-chains.prod.autograph.services.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:38.346128941 CET1.1.1.1192.168.2.50x9884No error (0)content-signature-chains.prod.autograph.services.mozaws.netprod.content-signature-chains.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:38.346128941 CET1.1.1.1192.168.2.50x9884No error (0)prod.content-signature-chains.prod.webservices.mozgcp.net34.160.144.191A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:38.435583115 CET1.1.1.1192.168.2.50x3450No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:38.488065004 CET1.1.1.1192.168.2.50x1737No error (0)prod.content-signature-chains.prod.webservices.mozgcp.net34.160.144.191A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:38.575881004 CET1.1.1.1192.168.2.50x7698No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:38.628751993 CET1.1.1.1192.168.2.50x2834No error (0)prod.content-signature-chains.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:40.168690920 CET1.1.1.1192.168.2.50xf74No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:41.590703011 CET1.1.1.1192.168.2.50xa952No error (0)balrog-aus5.r53-2.services.mozilla.comprod.balrog.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:41.590703011 CET1.1.1.1192.168.2.50xa952No error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS_AA
Dec 20, 2024 16:48:41.788511038 CET | 1.1.1.1 | 192.168.2.5 | 0xb1e0 | No error (0) | support.mozilla.org | prod.sumo.prod.webservices.mozgcp.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 20, 2024 16:48:41.788511038 CET | 1.1.1.1 | 192.168.2.5 | 0xb1e0 | No error (0) | prod.sumo.prod.webservices.mozgcp.net | us-west1.prod.sumo.prod.webservices.mozgcp.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 20, 2024 16:48:41.788511038 CET | 1.1.1.1 | 192.168.2.5 | 0xb1e0 | No error (0) | us-west1.prod.sumo.prod.webservices.mozgcp.net | | 34.149.128.2 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:41.885499001 CET | 1.1.1.1 | 192.168.2.5 | 0xef37 | No error (0) | firefox.settings.services.mozilla.com | prod.remote-settings.prod.webservices.mozgcp.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 20, 2024 16:48:41.885499001 CET | 1.1.1.1 | 192.168.2.5 | 0xef37 | No error (0) | prod.remote-settings.prod.webservices.mozgcp.net | | 34.149.100.209 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:41.947082996 CET | 1.1.1.1 | 192.168.2.5 | 0x9c02 | No error (0) | us-west1.prod.sumo.prod.webservices.mozgcp.net | | 34.149.128.2 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:42.027393103 CET | 1.1.1.1 | 192.168.2.5 | 0x47d5 | No error (0) | prod.remote-settings.prod.webservices.mozgcp.net | | 34.149.100.209 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:49.620348930 CET | 1.1.1.1 | 192.168.2.5 | 0x24db | No error (0) | www.youtube.com | youtube-ui.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 20, 2024 16:48:49.620348930 CET | 1.1.1.1 | 192.168.2.5 | 0x24db | No error (0) | youtube-ui.l.google.com | | 216.58.208.238 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:49.620348930 CET | 1.1.1.1 | 192.168.2.5 | 0x24db | No error (0) | youtube-ui.l.google.com | | 142.250.181.142 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:49.620348930 CET | 1.1.1.1 | 192.168.2.5 | 0x24db | No error (0) | youtube-ui.l.google.com | | 172.217.17.46 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:49.620348930 CET | 1.1.1.1 | 192.168.2.5 | 0x24db | No error (0) | youtube-ui.l.google.com | | 142.250.181.78 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:49.620348930 CET | 1.1.1.1 | 192.168.2.5 | 0x24db | No error (0) | youtube-ui.l.google.com | | 172.217.19.206 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:49.620348930 CET | 1.1.1.1 | 192.168.2.5 | 0x24db | No error (0) | youtube-ui.l.google.com | | 172.217.17.78 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:49.620348930 CET | 1.1.1.1 | 192.168.2.5 | 0x24db | No error (0) | youtube-ui.l.google.com | | 172.217.19.174 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:49.620348930 CET | 1.1.1.1 | 192.168.2.5 | 0x24db | No error (0) | youtube-ui.l.google.com | | 142.250.181.110 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:49.620348930 CET | 1.1.1.1 | 192.168.2.5 | 0x24db | No error (0) | youtube-ui.l.google.com | | 172.217.19.238 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:49.620348930 CET | 1.1.1.1 | 192.168.2.5 | 0x24db | No error (0) | youtube-ui.l.google.com | | 172.217.19.14 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:49.620348930 CET | 1.1.1.1 | 192.168.2.5 | 0x24db | No error (0) | youtube-ui.l.google.com | | 142.250.181.46 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:49.620872974 CET | 1.1.1.1 | 192.168.2.5 | 0x2fe5 | No error (0) | www.wikipedia.org | dyna.wikimedia.org | | CNAME (Canonical name) | IN (0x0001) | false
Dec 20, 2024 16:48:49.620872974 CET | 1.1.1.1 | 192.168.2.5 | 0x2fe5 | No error (0) | dyna.wikimedia.org | | 185.15.58.224 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:49.622831106 CET | 1.1.1.1 | 192.168.2.5 | 0x941c | No error (0) | www.facebook.com | star-mini.c10r.facebook.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 20, 2024 16:48:49.622831106 CET | 1.1.1.1 | 192.168.2.5 | 0x941c | No error (0) | star-mini.c10r.facebook.com | | 157.240.196.35 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:50.018006086 CET | 1.1.1.1 | 192.168.2.5 | 0x68fa | No error (0) | youtube-ui.l.google.com | | 142.250.181.110 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:50.018006086 CET | 1.1.1.1 | 192.168.2.5 | 0x68fa | No error (0) | youtube-ui.l.google.com | | 142.250.181.142 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:50.018006086 CET | 1.1.1.1 | 192.168.2.5 | 0x68fa | No error (0) | youtube-ui.l.google.com | | 172.217.17.46 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:50.018006086 CET | 1.1.1.1 | 192.168.2.5 | 0x68fa | No error (0) | youtube-ui.l.google.com | | 172.217.17.78 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:50.018006086 CET | 1.1.1.1 | 192.168.2.5 | 0x68fa | No error (0) | youtube-ui.l.google.com | | 172.217.19.206 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:50.018006086 CET | 1.1.1.1 | 192.168.2.5 | 0x68fa | No error (0) | youtube-ui.l.google.com | | 172.217.19.174 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:50.018006086 CET | 1.1.1.1 | 192.168.2.5 | 0x68fa | No error (0) | youtube-ui.l.google.com | | 142.250.181.78 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:50.018006086 CET | 1.1.1.1 | 192.168.2.5 | 0x68fa | No error (0) | youtube-ui.l.google.com | | 216.58.208.238 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:50.018006086 CET | 1.1.1.1 | 192.168.2.5 | 0x68fa | No error (0) | youtube-ui.l.google.com | | 172.217.19.238 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:50.018006086 CET | 1.1.1.1 | 192.168.2.5 | 0x68fa | No error (0) | youtube-ui.l.google.com | | 172.217.19.14 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:50.018006086 CET | 1.1.1.1 | 192.168.2.5 | 0x68fa | No error (0) | youtube-ui.l.google.com | | 142.250.181.46 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:50.018196106 CET | 1.1.1.1 | 192.168.2.5 | 0x8e3d | No error (0) | star-mini.c10r.facebook.com | | 157.240.196.35 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:50.019414902 CET | 1.1.1.1 | 192.168.2.5 | 0xae69 | No error (0) | dyna.wikimedia.org | | 185.15.58.224 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:50.156676054 CET | 1.1.1.1 | 192.168.2.5 | 0xa514 | No error (0) | youtube-ui.l.google.com | | | 28 | IN (0x0001) | false
Dec 20, 2024 16:48:50.156676054 CET | 1.1.1.1 | 192.168.2.5 | 0xa514 | No error (0) | youtube-ui.l.google.com | | | 28 | IN (0x0001) | false
Dec 20, 2024 16:48:50.156676054 CET | 1.1.1.1 | 192.168.2.5 | 0xa514 | No error (0) | youtube-ui.l.google.com | | | 28 | IN (0x0001) | false
Dec 20, 2024 16:48:50.156676054 CET | 1.1.1.1 | 192.168.2.5 | 0xa514 | No error (0) | youtube-ui.l.google.com | | | 28 | IN (0x0001) | false
Dec 20, 2024 16:48:50.157001972 CET | 1.1.1.1 | 192.168.2.5 | 0x86a2 | No error (0) | star-mini.c10r.facebook.com | | | 28 | IN (0x0001) | false
Dec 20, 2024 16:48:50.157336950 CET | 1.1.1.1 | 192.168.2.5 | 0x88de | No error (0) | dyna.wikimedia.org | | | 28 | IN (0x0001) | false
Dec 20, 2024 16:48:50.296268940 CET | 1.1.1.1 | 192.168.2.5 | 0x7645 | No error (0) | twitter.com | | 104.244.42.129 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:50.296550989 CET | 1.1.1.1 | 192.168.2.5 | 0x8e13 | No error (0) | www.reddit.com | reddit.map.fastly.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 20, 2024 16:48:50.296550989 CET | 1.1.1.1 | 192.168.2.5 | 0x8e13 | No error (0) | reddit.map.fastly.net | | 151.101.193.140 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:50.296550989 CET | 1.1.1.1 | 192.168.2.5 | 0x8e13 | No error (0) | reddit.map.fastly.net | | 151.101.65.140 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:50.296550989 CET | 1.1.1.1 | 192.168.2.5 | 0x8e13 | No error (0) | reddit.map.fastly.net | | 151.101.1.140 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:50.296550989 CET | 1.1.1.1 | 192.168.2.5 | 0x8e13 | No error (0) | reddit.map.fastly.net | | 151.101.129.140 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:50.349663019 CET | 1.1.1.1 | 192.168.2.5 | 0x3288 | No error (0) | telemetry-incoming.r53-2.services.mozilla.com | | 34.120.208.123 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:50.441354036 CET | 1.1.1.1 | 192.168.2.5 | 0x22ab | No error (0) | twitter.com | | 104.244.42.129 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:50.441369057 CET | 1.1.1.1 | 192.168.2.5 | 0xb964 | No error (0) | reddit.map.fastly.net | | 151.101.129.140 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:50.441369057 CET | 1.1.1.1 | 192.168.2.5 | 0xb964 | No error (0) | reddit.map.fastly.net | | 151.101.65.140 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:50.441369057 CET | 1.1.1.1 | 192.168.2.5 | 0xb964 | No error (0) | reddit.map.fastly.net | | 151.101.1.140 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:50.441369057 CET | 1.1.1.1 | 192.168.2.5 | 0xb964 | No error (0) | reddit.map.fastly.net | | 151.101.193.140 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:52.265947104 CET | 1.1.1.1 | 192.168.2.5 | 0x3e52 | No error (0) | telemetry-incoming.r53-2.services.mozilla.com | | 34.120.208.123 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:48:55.008820057 CET | 1.1.1.1 | 192.168.2.5 | 0xfb | No error (0) | telemetry-incoming.r53-2.services.mozilla.com | | 34.120.208.123 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:49:05.182560921 CET | 1.1.1.1 | 192.168.2.5 | 0xa4e6 | No error (0) | prod.balrog.prod.cloudops.mozgcp.net | | 35.244.181.201 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:49:05.207770109 CET | 1.1.1.1 | 192.168.2.5 | 0x8cd9 | No error (0) | services.addons.mozilla.org | | 151.101.1.91 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:49:05.207770109 CET | 1.1.1.1 | 192.168.2.5 | 0x8cd9 | No error (0) | services.addons.mozilla.org | | 151.101.129.91 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:49:05.207770109 CET | 1.1.1.1 | 192.168.2.5 | 0x8cd9 | No error (0) | services.addons.mozilla.org | | 151.101.193.91 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:49:05.207770109 CET | 1.1.1.1 | 192.168.2.5 | 0x8cd9 | No error (0) | services.addons.mozilla.org | | 151.101.65.91 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:49:05.249037027 CET | 1.1.1.1 | 192.168.2.5 | 0xf56d | No error (0) | normandy.cdn.mozilla.net | normandy-cdn.services.mozilla.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 20, 2024 16:49:05.249037027 CET | 1.1.1.1 | 192.168.2.5 | 0xf56d | No error (0) | normandy-cdn.services.mozilla.com | | 35.201.103.21 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:49:05.346802950 CET | 1.1.1.1 | 192.168.2.5 | 0x6171 | No error (0) | services.addons.mozilla.org | | 151.101.1.91 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:49:05.346802950 CET | 1.1.1.1 | 192.168.2.5 | 0x6171 | No error (0) | services.addons.mozilla.org | | 151.101.129.91 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:49:05.346802950 CET | 1.1.1.1 | 192.168.2.5 | 0x6171 | No error (0) | services.addons.mozilla.org | | 151.101.65.91 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:49:05.346802950 CET | 1.1.1.1 | 192.168.2.5 | 0x6171 | No error (0) | services.addons.mozilla.org | | 151.101.193.91 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:49:05.395390034 CET | 1.1.1.1 | 192.168.2.5 | 0xadab | No error (0) | normandy-cdn.services.mozilla.com | | 35.201.103.21 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:49:05.495927095 CET | 1.1.1.1 | 192.168.2.5 | 0xc55a | No error (0) | services.addons.mozilla.org | | | 28 | IN (0x0001) | false
Dec 20, 2024 16:49:05.495927095 CET | 1.1.1.1 | 192.168.2.5 | 0xc55a | No error (0) | services.addons.mozilla.org | | | 28 | IN (0x0001) | false
Dec 20, 2024 16:49:05.495927095 CET | 1.1.1.1 | 192.168.2.5 | 0xc55a | No error (0) | services.addons.mozilla.org | | | 28 | IN (0x0001) | false
Dec 20, 2024 16:49:05.495927095 CET | 1.1.1.1 | 192.168.2.5 | 0xc55a | No error (0) | services.addons.mozilla.org | | | 28 | IN (0x0001) | false
Dec 20, 2024 16:49:08.290505886 CET | 1.1.1.1 | 192.168.2.5 | 0x60f2 | No error (0) | a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com | a17.rackcdn.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 20, 2024 16:49:08.290505886 CET | 1.1.1.1 | 192.168.2.5 | 0x60f2 | No error (0) | a17.rackcdn.com | a17.rackcdn.com.mdc.edgesuite.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 20, 2024 16:49:22.716432095 CET | 1.1.1.1 | 192.168.2.5 | 0x9c0 | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net | | CNAME (Canonical name) | IN (0x0001) | false
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:22.716432095 CET1.1.1.1192.168.2.50x9c0No error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:50:02.803502083 CET1.1.1.1192.168.2.50x9ba8No error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:50:04.205826998 CET1.1.1.1192.168.2.50xe795No error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:50:04.205826998 CET1.1.1.1192.168.2.50xe795No error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
• detectportal.firefox.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49713 | 34.107.221.82 | 80 | 5652 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Dec 20, 2024 16:48:35.664596081 CET | 303 | OUT | GET /canonical.html HTTP/1.1
  Host: detectportal.firefox.com
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
  Accept: */*
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate
  Cache-Control: no-cache
  Pragma: no-cache
  Connection: keep-alive
Dec 20, 2024 16:48:36.751204967 CET | 298 | IN | HTTP/1.1 200 OK
  Server: nginx
  Content-Length: 90
  Via: 1.1 google
  Date: Fri, 20 Dec 2024 10:15:34 GMT
  Age: 19982
  Content-Type: text/html
  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
  Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49720 | 34.107.221.82 | 80 | 5652 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Dec 20, 2024 16:48:37.142962933 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
  Host: detectportal.firefox.com
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
  Accept: */*
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate
  Connection: keep-alive
  Pragma: no-cache
  Cache-Control: no-cache
Dec 20, 2024 16:48:38.242343903 CET | 216 | IN | HTTP/1.1 200 OK
  Server: nginx
  Content-Length: 8
  Via: 1.1 google
  Date: Fri, 20 Dec 2024 01:08:28 GMT
  Age: 52810
  Content-Type: text/plain
  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
  Data Raw: 73 75 63 63 65 73 73 0a
  Data Ascii: success


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49722 | 34.107.221.82 | 80 | 5652 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Dec 20, 2024 16:48:38.419300079 CET | 303 | OUT | GET /canonical.html HTTP/1.1
  Host: detectportal.firefox.com
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
  Accept: */*
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate
  Cache-Control: no-cache
  Pragma: no-cache
  Connection: keep-alive
Dec 20, 2024 16:48:39.542287111 CET | 298 | IN | HTTP/1.1 200 OK
  Server: nginx
  Content-Length: 90
  Via: 1.1 google
  Date: Fri, 20 Dec 2024 10:15:34 GMT
  Age: 19985
  Content-Type: text/html
  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
  Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 20, 2024 16:48:40.030222893 CET | 303 | OUT | GET /canonical.html HTTP/1.1
  Host: detectportal.firefox.com
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
  Accept: */*
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate
  Cache-Control: no-cache
  Pragma: no-cache
  Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:40.354038954 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Fri, 20 Dec 2024 10:15:34 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 19986
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:41.451159954 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:41.765703917 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Fri, 20 Dec 2024 10:15:34 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 19987
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:45.047293901 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:45.362723112 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Fri, 20 Dec 2024 10:15:34 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 19991
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:50.143356085 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:50.487452030 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Fri, 20 Dec 2024 10:15:34 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 19996
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:52.127619028 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive

Dec 20, 2024 16:48:52.442840099 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Fri, 20 Dec 2024 10:15:34 GMT
Age: 19998
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Dec 20, 2024 16:48:54.870424032 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive

Dec 20, 2024 16:48:55.186330080 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Fri, 20 Dec 2024 10:15:34 GMT
Age: 20001
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Dec 20, 2024 16:48:56.938806057 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive

Dec 20, 2024 16:48:57.254199028 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Fri, 20 Dec 2024 10:15:34 GMT
Age: 20003
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Dec 20, 2024 16:49:01.207858086 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive

Dec 20, 2024 16:49:01.524709940 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Fri, 20 Dec 2024 10:15:34 GMT
Age: 20007
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Dec 20, 2024 16:49:06.364337921 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive

Dec 20, 2024 16:49:06.679657936 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Fri, 20 Dec 2024 10:15:34 GMT
Age: 20012
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Dec 20, 2024 16:49:07.716756105 CET | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:08.032320976 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Fri, 20 Dec 2024 10:15:34 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 20013
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:09.030342102 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:09.345506907 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Fri, 20 Dec 2024 10:15:34 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 20015
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:19.352303982 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:22.579224110 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:22.894365072 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Fri, 20 Dec 2024 10:15:34 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 20028
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:32.535912991 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:32.850680113 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
  Date: Fri, 20 Dec 2024 10:15:34 GMT
  Age: 20038
  Content-Type: text/html
  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
  Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 20, 2024 16:49:34.892975092 CET | 303 | OUT | GET /canonical.html HTTP/1.1
  Host: detectportal.firefox.com
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
  Accept: */*
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate
  Cache-Control: no-cache
  Pragma: no-cache
  Connection: keep-alive
Dec 20, 2024 16:49:35.207672119 CET | 298 | IN | HTTP/1.1 200 OK
  Server: nginx
  Content-Length: 90
  Via: 1.1 google
  Date: Fri, 20 Dec 2024 10:15:34 GMT
  Age: 20041
  Content-Type: text/html
  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
  Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 20, 2024 16:49:45.212030888 CET | 6 | OUT | Data Raw: 00
  Data Ascii:
Dec 20, 2024 16:49:55.356622934 CET | 6 | OUT | Data Raw: 00
  Data Ascii:
Dec 20, 2024 16:50:04.061883926 CET | 303 | OUT | GET /canonical.html HTTP/1.1
  Host: detectportal.firefox.com
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
  Accept: */*
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate
  Cache-Control: no-cache
  Pragma: no-cache
  Connection: keep-alive
Dec 20, 2024 16:50:04.477468967 CET | 298 | IN | HTTP/1.1 200 OK
  Server: nginx
  Content-Length: 90
  Via: 1.1 google
  Date: Fri, 20 Dec 2024 10:15:34 GMT
  Age: 20070
  Content-Type: text/html
  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
  Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 20, 2024 16:50:14.495517969 CET | 6 | OUT | Data Raw: 00
  Data Ascii:
Dec 20, 2024 16:50:24.624931097 CET | 6 | OUT | Data Raw: 00
  Data Ascii:
Dec 20, 2024 16:50:34.756980896 CET | 6 | OUT | Data Raw: 00
  Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49727 | 34.107.221.82 | 80 | 5652 | C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp | Bytes transferred | Direction | Data
Dec 20, 2024 16:48:40.152543068 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
  Host: detectportal.firefox.com
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
  Accept: */*
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate
  Connection: keep-alive
  Pragma: no-cache
  Cache-Control: no-cache
Dec 20, 2024 16:48:41.243122101 CET | 216 | IN | HTTP/1.1 200 OK
  Server: nginx
  Content-Length: 8
  Via: 1.1 google
  Date: Fri, 20 Dec 2024 10:59:45 GMT
  Age: 17336
  Content-Type: text/plain
  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
  Data Raw: 73 75 63 63 65 73 73 0a
  Data Ascii: success
Dec 20, 2024 16:48:41.450788021 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
  Host: detectportal.firefox.com
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
  Accept: */*
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate
  Connection: keep-alive
  Pragma: no-cache
  Cache-Control: no-cache
Dec 20, 2024 16:48:41.765681982 CET | 216 | IN | HTTP/1.1 200 OK
  Server: nginx
  Content-Length: 8
  Via: 1.1 google
  Date: Fri, 20 Dec 2024 10:59:45 GMT
  Age: 17336
  Content-Type: text/plain
  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
  Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:41.772429943 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:42.088465929 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Fri, 20 Dec 2024 10:59:45 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 17336
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:49.882138014 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:50.200612068 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Fri, 20 Dec 2024 10:59:45 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 17345
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:52.022949934 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:52.341672897 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Fri, 20 Dec 2024 10:59:45 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 17347
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:53.156416893 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:48:53.493659019 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Fri, 20 Dec 2024 10:59:45 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 17348
  Content-Type: text/plain
  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
  Data Raw: 73 75 63 63 65 73 73 0a
  Data Ascii: success
Dec 20, 2024 16:48:56.390667915 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
  Host: detectportal.firefox.com
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
  Accept: */*
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate
  Connection: keep-alive
  Pragma: no-cache
  Cache-Control: no-cache
Dec 20, 2024 16:48:56.705360889 CET  216  IN  HTTP/1.1 200 OK
  Server: nginx
  Content-Length: 8
  Via: 1.1 google
  Date: Fri, 20 Dec 2024 10:59:45 GMT
  Age: 17351
  Content-Type: text/plain
  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
  Data Raw: 73 75 63 63 65 73 73 0a
  Data Ascii: success
Dec 20, 2024 16:48:57.258538008 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
  Host: detectportal.firefox.com
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
  Accept: */*
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate
  Connection: keep-alive
  Pragma: no-cache
  Cache-Control: no-cache
Dec 20, 2024 16:48:57.574086905 CET  216  IN  HTTP/1.1 200 OK
  Server: nginx
  Content-Length: 8
  Via: 1.1 google
  Date: Fri, 20 Dec 2024 10:59:45 GMT
  Age: 17352
  Content-Type: text/plain
  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
  Data Raw: 73 75 63 63 65 73 73 0a
  Data Ascii: success
Dec 20, 2024 16:49:01.530366898 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
  Host: detectportal.firefox.com
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
  Accept: */*
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate
  Connection: keep-alive
  Pragma: no-cache
  Cache-Control: no-cache
Dec 20, 2024 16:49:01.845196962 CET  216  IN  HTTP/1.1 200 OK
  Server: nginx
  Content-Length: 8
  Via: 1.1 google
  Date: Fri, 20 Dec 2024 10:59:45 GMT
  Age: 17356
  Content-Type: text/plain
  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
  Data Raw: 73 75 63 63 65 73 73 0a
  Data Ascii: success
Dec 20, 2024 16:49:06.683906078 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
  Host: detectportal.firefox.com
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
  Accept: */*
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate
  Connection: keep-alive
  Pragma: no-cache
  Cache-Control: no-cache
Dec 20, 2024 16:49:07.004527092 CET  216  IN  HTTP/1.1 200 OK
  Server: nginx
  Content-Length: 8
  Via: 1.1 google
  Date: Fri, 20 Dec 2024 10:59:45 GMT
  Age: 17361
  Content-Type: text/plain
  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
  Data Raw: 73 75 63 63 65 73 73 0a
  Data Ascii: success
Dec 20, 2024 16:49:08.036917925 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
  Host: detectportal.firefox.com
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
  Accept: */*
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate
  Connection: keep-alive
  Pragma: no-cache
  Cache-Control: no-cache
Dec 20, 2024 16:49:08.352323055 CET  216  IN  HTTP/1.1 200 OK
  Server: nginx
  Content-Length: 8
  Via: 1.1 google
  Date: Fri, 20 Dec 2024 10:59:45 GMT
  Age: 17363
  Content-Type: text/plain
  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:09.349013090 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:09.663789034 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Fri, 20 Dec 2024 10:59:45 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 17364
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:19.668920040 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:22.900373936 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:23.215476036 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Fri, 20 Dec 2024 10:59:45 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 17378
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:32.854104996 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:33.171278000 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Fri, 20 Dec 2024 10:59:45 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 17388
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:35.213170052 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Dec 20, 2024 16:49:35.528573036 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 8
Via: 1.1 google
Date: Fri, 20 Dec 2024 10:59:45 GMT
Age: 17390
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 20, 2024 16:49:45.544254065 CET 6 OUT Data Raw: 00
Data Ascii:
Dec 20, 2024 16:49:55.673044920 CET 6 OUT Data Raw: 00
Data Ascii:
Dec 20, 2024 16:50:04.482446909 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 20, 2024 16:50:04.797243118 CET 216 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Fri, 20 Dec 2024 10:59:45 GMT
Age: 17419
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 20, 2024 16:50:14.812112093 CET 6 OUT Data Raw: 00
Data Ascii:
Dec 20, 2024 16:50:24.940980911 CET 6 OUT Data Raw: 00
Data Ascii:
Dec 20, 2024 16:50:35.073530912 CET 6 OUT Data Raw: 00
Data Ascii:

Target ID: 0
Start time: 10:48:28
Start date: 20/12/2024
Path: C:\Users\user\Desktop\gTU8ed4669.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\gTU8ed4669.exe"
Imagebase: 0x660000
File size: 970'240 bytes
MD5 hash: 2177E5DD54A3815B8535B4E6902C1777
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

Target ID: 2
Start time: 10:48:29
Start date: 20/12/2024
Path: C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit): true
Commandline: taskkill /F /IM firefox.exe /T
Imagebase: 0x270000
File size: 74'240 bytes
MD5 hash: CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 3
Start time: 10:48:29
Start date: 20/12/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff6d64d0000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 4
Start time: 10:48:31
Start date: 20/12/2024
Path: C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit): true
Commandline: taskkill /F /IM chrome.exe /T
Imagebase: 0x270000
File size: 74'240 bytes
MD5 hash: CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 5
Start time: 10:48:31
                                                                                                                                                                                                                                                                                                                                                          Start date:20/12/2024
                                                                                                                                                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                          Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                                                                                                          Target ID:6
                                                                                                                                                                                                                                                                                                                                                          Start time:10:48:31
                                                                                                                                                                                                                                                                                                                                                          Start date:20/12/2024
                                                                                                                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                          Commandline:taskkill /F /IM msedge.exe /T
                                                                                                                                                                                                                                                                                                                                                          Imagebase:0x270000
                                                                                                                                                                                                                                                                                                                                                          File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                                          MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                                                                                                          Target ID:7
                                                                                                                                                                                                                                                                                                                                                          Start time:10:48:31
                                                                                                                                                                                                                                                                                                                                                          Start date:20/12/2024
                                                                                                                                                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                          Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                                                                                                          Target ID:8
                                                                                                                                                                                                                                                                                                                                                          Start time:10:48:31
                                                                                                                                                                                                                                                                                                                                                          Start date:20/12/2024
                                                                                                                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                          Commandline:taskkill /F /IM opera.exe /T
                                                                                                                                                                                                                                                                                                                                                          Imagebase:0x270000
                                                                                                                                                                                                                                                                                                                                                          File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                                          MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                                                                                                          Target ID:9
                                                                                                                                                                                                                                                                                                                                                          Start time:10:48:31
                                                                                                                                                                                                                                                                                                                                                          Start date:20/12/2024
                                                                                                                                                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                          Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                                                                                                          Target ID:10
                                                                                                                                                                                                                                                                                                                                                          Start time:10:48:31
                                                                                                                                                                                                                                                                                                                                                          Start date:20/12/2024
                                                                                                                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                          Commandline:taskkill /F /IM brave.exe /T
Imagebase:0x270000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:11
Start time:10:48:31
Start date:20/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:12
Start time:10:48:32
Start date:20/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Imagebase:0x7ff79f9e0000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:13
Start time:10:48:32
Start date:20/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Imagebase:0x7ff79f9e0000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:14
Start time:10:48:32
Start date:20/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Imagebase:0x7ff79f9e0000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:16
Start time:10:48:32
Start date:20/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2184 -parentBuildID 20230927232528 -prefsHandle 2104 -prefMapHandle 2100 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {788ec753-8911-4214-b663-accd94cf9494} 5652 "\\.\pipe\gecko-crash-server-pipe.5652" 2201b26f710 socket
Imagebase:0x7ff79f9e0000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:17
Start time:10:48:34
Start date:20/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3092 -parentBuildID 20230927232528 -prefsHandle 3988 -prefMapHandle 3908 -prefsLen 26338 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1c3967e-c418-4a34-8ffb-95b5c942fc48} 5652 "\\.\pipe\gecko-crash-server-pipe.5652" 2202d851e10 rdd
Imagebase:0x7ff79f9e0000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:18
Start time:10:48:40
Start date:20/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5040 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5028 -prefMapHandle 5024 -prefsLen 33119 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d8122f20-b90c-4c06-8f30-9d4c81547b9e} 5652 "\\.\pipe\gecko-crash-server-pipe.5652" 22033673310 utility
Imagebase:0x7ff79f9e0000
File size:676'768 bytes
                                                                                                                                                                                                                                                                                                                                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                          Has exited:false


Execution Graph

Execution Coverage:2.6%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:6.1%
Total number of Nodes:1773
Total number of Limit Nodes:54
95379->95334 95383 69806d __FrameHandler3::FrameUnwindToState 95382->95383 95395 692f5e EnterCriticalSection 95383->95395 95385 69807b 95396 6980fb 95385->95396 95389 6980ac __fread_nolock 95389->95376 95390->95370 95391->95379 95392->95379 95393->95379 95394->95379 95395->95385 95400 69811e 95396->95400 95397 698088 95409 6980b7 95397->95409 95398 698177 95414 694c7d 95398->95414 95400->95397 95400->95398 95412 68918d EnterCriticalSection 95400->95412 95413 6891a1 LeaveCriticalSection 95400->95413 95404 698189 95404->95397 95427 693405 11 API calls 2 library calls 95404->95427 95406 6981a8 95428 68918d EnterCriticalSection 95406->95428 95432 692fa6 LeaveCriticalSection 95409->95432 95411 6980be 95411->95389 95412->95400 95413->95400 95420 694c8a __FrameHandler3::FrameUnwindToState 95414->95420 95415 694cca 95430 68f2d9 20 API calls _free 95415->95430 95416 694cb5 RtlAllocateHeap 95418 694cc8 95416->95418 95416->95420 95421 6929c8 95418->95421 95420->95415 95420->95416 95429 684ead 7 API calls 2 library calls 95420->95429 95422 6929fc _free 95421->95422 95423 6929d3 RtlFreeHeap 95421->95423 95422->95404 95423->95422 95424 6929e8 95423->95424 95431 68f2d9 20 API calls _free 95424->95431 95426 6929ee GetLastError 95426->95422 95427->95406 95428->95397 95429->95420 95430->95418 95431->95426 95432->95411 95434 67fddb 22 API calls 95433->95434 95435 665734 95434->95435 95435->95344 95437 6642bc FindResourceExW 95436->95437 95439 6642d9 95436->95439 95438 6a35ba LoadResource 95437->95438 95437->95439 95438->95439 95440 6a35cf SizeofResource 95438->95440 95439->95345 95440->95439 95441 6a35e3 LockResource 95440->95441 95441->95439 95443 66512e 95442->95443 95444 6a3d90 95442->95444 95448 68ece3 95443->95448 95447->95350 95451 68eaaa 95448->95451 95450 66513c 95450->95345 95454 68eab6 __FrameHandler3::FrameUnwindToState 95451->95454 95452 68eac2 95464 68f2d9 20 API calls _free 95452->95464 95453 68eae8 95466 68918d EnterCriticalSection 95453->95466 95454->95452 
95454->95453 95457 68eac7 95465 6927ec 26 API calls __fread_nolock 95457->95465 95458 68eaf4 95467 68ec0a 62 API calls 2 library calls 95458->95467 95461 68eb08 95468 68eb27 LeaveCriticalSection __fread_nolock 95461->95468 95463 68ead2 __fread_nolock 95463->95450 95464->95457 95465->95463 95466->95458 95467->95461 95468->95463 95472 68e8e1 95469->95472 95471 665118 95471->95362 95473 68e8ed __FrameHandler3::FrameUnwindToState 95472->95473 95474 68e925 __fread_nolock 95473->95474 95475 68e92d 95473->95475 95476 68e900 ___scrt_fastfail 95473->95476 95474->95471 95487 68918d EnterCriticalSection 95475->95487 95485 68f2d9 20 API calls _free 95476->95485 95479 68e937 95488 68e6f8 38 API calls 3 library calls 95479->95488 95480 68e91a 95486 6927ec 26 API calls __fread_nolock 95480->95486 95483 68e94e 95489 68e96c LeaveCriticalSection __fread_nolock 95483->95489 95485->95480 95486->95474 95487->95479 95488->95483 95489->95474 95493 68e4e8 95490->95493 95492 6d275d 95492->95364 95496 68e469 95493->95496 95495 68e505 95495->95492 95497 68e478 95496->95497 95498 68e48c 95496->95498 95504 68f2d9 20 API calls _free 95497->95504 95503 68e488 __alldvrm 95498->95503 95506 69333f 11 API calls 2 library calls 95498->95506 95500 68e47d 95505 6927ec 26 API calls __fread_nolock 95500->95505 95503->95495 95504->95500 95505->95503 95506->95503 95512 6d2e7a 95507->95512 95508 6650f5 40 API calls 95508->95512 95509 6d2d3b 95509->95281 95509->95282 95510 6d28fe 27 API calls 95510->95512 95511 66511f 64 API calls 95511->95512 95512->95508 95512->95509 95512->95510 95512->95511 95513->95281 95515 68e684 __FrameHandler3::FrameUnwindToState 95514->95515 95516 68e6aa 95515->95516 95517 68e695 95515->95517 95526 68e6a5 __fread_nolock 95516->95526 95529 68918d EnterCriticalSection 95516->95529 95527 68f2d9 20 API calls _free 95517->95527 95520 68e69a 95528 6927ec 26 API calls __fread_nolock 95520->95528 95521 68e6c6 95530 68e602 95521->95530 95524 68e6d1 95546 68e6ee LeaveCriticalSection 
__fread_nolock 95524->95546 95526->95318 95527->95520 95528->95526 95529->95521 95531 68e60f 95530->95531 95532 68e624 95530->95532 95547 68f2d9 20 API calls _free 95531->95547 95538 68e61f 95532->95538 95549 68dc0b 95532->95549 95535 68e614 95548 6927ec 26 API calls __fread_nolock 95535->95548 95538->95524 95542 68e646 95566 69862f 95542->95566 95545 6929c8 _free 20 API calls 95545->95538 95546->95526 95547->95535 95548->95538 95550 68dc23 95549->95550 95554 68dc1f 95549->95554 95551 68d955 __fread_nolock 26 API calls 95550->95551 95550->95554 95552 68dc43 95551->95552 95581 6959be 62 API calls 5 library calls 95552->95581 95555 694d7a 95554->95555 95556 694d90 95555->95556 95557 68e640 95555->95557 95556->95557 95558 6929c8 _free 20 API calls 95556->95558 95559 68d955 95557->95559 95558->95557 95560 68d961 95559->95560 95561 68d976 95559->95561 95582 68f2d9 20 API calls _free 95560->95582 95561->95542 95563 68d966 95583 6927ec 26 API calls __fread_nolock 95563->95583 95565 68d971 95565->95542 95567 69863e 95566->95567 95568 698653 95566->95568 95584 68f2c6 20 API calls _free 95567->95584 95570 69868e 95568->95570 95575 69867a 95568->95575 95589 68f2c6 20 API calls _free 95570->95589 95572 698643 95585 68f2d9 20 API calls _free 95572->95585 95573 698693 95590 68f2d9 20 API calls _free 95573->95590 95586 698607 95575->95586 95578 68e64c 95578->95538 95578->95545 95579 69869b 95591 6927ec 26 API calls __fread_nolock 95579->95591 95581->95554 95582->95563 95583->95565 95584->95572 95585->95578 95592 698585 95586->95592 95588 69862b 95588->95578 95589->95573 95590->95579 95591->95578 95593 698591 __FrameHandler3::FrameUnwindToState 95592->95593 95603 695147 EnterCriticalSection 95593->95603 95595 69859f 95596 6985d1 95595->95596 95597 6985c6 95595->95597 95619 68f2d9 20 API calls _free 95596->95619 95604 6986ae 95597->95604 95600 6985cc 95620 6985fb LeaveCriticalSection __wsopen_s 95600->95620 95602 6985ee __fread_nolock 95602->95588 95603->95595 95621 6953c4 
95604->95621 95606 6986c4 95634 695333 21 API calls 3 library calls 95606->95634 95607 6986be 95607->95606 95609 6953c4 __wsopen_s 26 API calls 95607->95609 95618 6986f6 95607->95618 95612 6986ed 95609->95612 95610 6953c4 __wsopen_s 26 API calls 95613 698702 CloseHandle 95610->95613 95611 69871c 95615 69873e 95611->95615 95635 68f2a3 20 API calls 2 library calls 95611->95635 95616 6953c4 __wsopen_s 26 API calls 95612->95616 95613->95606 95617 69870e GetLastError 95613->95617 95615->95600 95616->95618 95617->95606 95618->95606 95618->95610 95619->95600 95620->95602 95622 6953d1 95621->95622 95625 6953e6 95621->95625 95636 68f2c6 20 API calls _free 95622->95636 95624 6953d6 95637 68f2d9 20 API calls _free 95624->95637 95628 69540b 95625->95628 95638 68f2c6 20 API calls _free 95625->95638 95628->95607 95629 695416 95639 68f2d9 20 API calls _free 95629->95639 95630 6953de 95630->95607 95632 69541e 95640 6927ec 26 API calls __fread_nolock 95632->95640 95634->95611 95635->95615 95636->95624 95637->95630 95638->95629 95639->95632 95640->95630 95641 661cad SystemParametersInfoW 95642 6a2ba5 95643 662b25 95642->95643 95644 6a2baf 95642->95644 95670 662b83 7 API calls 95643->95670 95688 663a5a 95644->95688 95648 6a2bb8 95650 669cb3 22 API calls 95648->95650 95652 6a2bc6 95650->95652 95651 662b2f 95659 662b44 95651->95659 95674 663837 95651->95674 95653 6a2bce 95652->95653 95654 6a2bf5 95652->95654 95695 6633c6 95653->95695 95657 6633c6 22 API calls 95654->95657 95669 6a2bf1 GetForegroundWindow ShellExecuteW 95657->95669 95664 662b5f 95659->95664 95684 6630f2 95659->95684 95663 6a2c26 95663->95664 95666 662b66 SetCurrentDirectoryW 95664->95666 95665 6a2be7 95667 6633c6 22 API calls 95665->95667 95668 662b7a 95666->95668 95667->95669 95669->95663 95705 662cd4 7 API calls 95670->95705 95672 662b2a 95673 662c63 CreateWindowExW CreateWindowExW ShowWindow ShowWindow 95672->95673 95673->95651 95675 663862 ___scrt_fastfail 95674->95675 95706 664212 95675->95706 95678 6638e8 95680 
663906 Shell_NotifyIconW 95678->95680 95681 6a3386 Shell_NotifyIconW 95678->95681 95710 663923 95680->95710 95683 66391c 95683->95659 95685 663154 95684->95685 95686 663104 ___scrt_fastfail 95684->95686 95685->95664 95687 663123 Shell_NotifyIconW 95686->95687 95687->95685 95689 6a1f50 __wsopen_s 95688->95689 95690 663a67 GetModuleFileNameW 95689->95690 95691 669cb3 22 API calls 95690->95691 95692 663a8d 95691->95692 95693 663aa2 23 API calls 95692->95693 95694 663a97 95693->95694 95694->95648 95696 6a30bb 95695->95696 95697 6633dd 95695->95697 95699 67fddb 22 API calls 95696->95699 95741 6633ee 95697->95741 95701 6a30c5 _wcslen 95699->95701 95700 6633e8 95704 666350 22 API calls 95700->95704 95702 67fe0b 22 API calls 95701->95702 95703 6a30fe __fread_nolock 95702->95703 95704->95665 95705->95672 95707 6638b7 95706->95707 95708 6a35a4 95706->95708 95707->95678 95732 6cc874 42 API calls _strftime 95707->95732 95708->95707 95709 6a35ad DestroyIcon 95708->95709 95709->95707 95711 66393f 95710->95711 95730 663a13 95710->95730 95733 666270 95711->95733 95714 6a3393 LoadStringW 95717 6a33ad 95714->95717 95715 66395a 95716 666b57 22 API calls 95715->95716 95718 66396f 95716->95718 95726 663994 ___scrt_fastfail 95717->95726 95739 66a8c7 22 API calls __fread_nolock 95717->95739 95719 6a33c9 95718->95719 95720 66397c 95718->95720 95740 666350 22 API calls 95719->95740 95720->95717 95722 663986 95720->95722 95738 666350 22 API calls 95722->95738 95725 6a33d7 95725->95726 95727 6633c6 22 API calls 95725->95727 95728 6639f9 Shell_NotifyIconW 95726->95728 95729 6a33f9 95727->95729 95728->95730 95731 6633c6 22 API calls 95729->95731 95730->95683 95731->95726 95732->95678 95734 67fe0b 22 API calls 95733->95734 95735 666295 95734->95735 95736 67fddb 22 API calls 95735->95736 95737 66394d 95736->95737 95737->95714 95737->95715 95738->95726 95739->95726 95740->95725 95742 6633fe _wcslen 95741->95742 95743 6a311d 95742->95743 95744 663411 95742->95744 95746 67fddb 22 API calls 
95743->95746 95751 66a587 95744->95751 95748 6a3127 95746->95748 95747 66341e __fread_nolock 95747->95700 95749 67fe0b 22 API calls 95748->95749 95750 6a3157 __fread_nolock 95749->95750 95752 66a59d 95751->95752 95755 66a598 __fread_nolock 95751->95755 95753 6af80f 95752->95753 95754 67fe0b 22 API calls 95752->95754 95754->95755 95755->95747 95756 6bd27a GetUserNameW 95757 6bd292 95756->95757 95758 662e37 95759 66a961 22 API calls 95758->95759 95760 662e4d 95759->95760 95837 664ae3 95760->95837 95762 662e6b 95763 663a5a 24 API calls 95762->95763 95764 662e7f 95763->95764 95765 669cb3 22 API calls 95764->95765 95766 662e8c 95765->95766 95767 664ecb 94 API calls 95766->95767 95768 662ea5 95767->95768 95769 6a2cb0 95768->95769 95770 662ead 95768->95770 95771 6d2cf9 80 API calls 95769->95771 95851 66a8c7 22 API calls __fread_nolock 95770->95851 95772 6a2cc3 95771->95772 95773 6a2ccf 95772->95773 95776 664f39 68 API calls 95772->95776 95779 664f39 68 API calls 95773->95779 95775 662ec3 95852 666f88 22 API calls 95775->95852 95776->95773 95778 662ecf 95780 669cb3 22 API calls 95778->95780 95781 6a2ce5 95779->95781 95782 662edc 95780->95782 95867 663084 22 API calls 95781->95867 95783 66a81b 41 API calls 95782->95783 95785 662eec 95783->95785 95787 669cb3 22 API calls 95785->95787 95786 6a2d02 95868 663084 22 API calls 95786->95868 95789 662f12 95787->95789 95791 66a81b 41 API calls 95789->95791 95790 6a2d1e 95792 663a5a 24 API calls 95790->95792 95793 662f21 95791->95793 95794 6a2d44 95792->95794 95796 66a961 22 API calls 95793->95796 95869 663084 22 API calls 95794->95869 95798 662f3f 95796->95798 95797 6a2d50 95870 66a8c7 22 API calls __fread_nolock 95797->95870 95853 663084 22 API calls 95798->95853 95801 6a2d5e 95871 663084 22 API calls 95801->95871 95802 662f4b 95854 684a28 40 API calls 3 library calls 95802->95854 95804 6a2d6d 95872 66a8c7 22 API calls __fread_nolock 95804->95872 95806 662f59 95806->95781 95807 662f63 95806->95807 95855 684a28 40 API calls 3 
library calls 95807->95855 95810 6a2d83 95873 663084 22 API calls 95810->95873 95811 662f6e 95811->95786 95813 662f78 95811->95813 95856 684a28 40 API calls 3 library calls 95813->95856 95814 6a2d90 95816 662f83 95816->95790 95817 662f8d 95816->95817 95857 684a28 40 API calls 3 library calls 95817->95857 95819 662f98 95820 662fdc 95819->95820 95858 663084 22 API calls 95819->95858 95820->95804 95821 662fe8 95820->95821 95821->95814 95861 6663eb 22 API calls 95821->95861 95823 662fbf 95859 66a8c7 22 API calls __fread_nolock 95823->95859 95826 662ff8 95862 666a50 22 API calls 95826->95862 95827 662fcd 95860 663084 22 API calls 95827->95860 95830 663006 95863 6670b0 23 API calls 95830->95863 95834 663021 95835 663065 95834->95835 95864 666f88 22 API calls 95834->95864 95865 6670b0 23 API calls 95834->95865 95866 663084 22 API calls 95834->95866 95838 664af0 __wsopen_s 95837->95838 95839 666b57 22 API calls 95838->95839 95840 664b22 95838->95840 95839->95840 95849 664b58 95840->95849 95874 664c6d 95840->95874 95842 669cb3 22 API calls 95843 664c52 95842->95843 95845 66515f 22 API calls 95843->95845 95844 669cb3 22 API calls 95844->95849 95848 664c5e 95845->95848 95846 664c6d 22 API calls 95846->95849 95847 66515f 22 API calls 95847->95849 95848->95762 95849->95844 95849->95846 95849->95847 95850 664c29 95849->95850 95850->95842 95850->95848 95851->95775 95852->95778 95853->95802 95854->95806 95855->95811 95856->95816 95857->95819 95858->95823 95859->95827 95860->95820 95861->95826 95862->95830 95863->95834 95864->95834 95865->95834 95866->95834 95867->95786 95868->95790 95869->95797 95870->95801 95871->95804 95872->95810 95873->95814 95875 66aec9 22 API calls 95874->95875 95876 664c78 95875->95876 95876->95840 95877 6803fb 95878 680407 __FrameHandler3::FrameUnwindToState 95877->95878 95906 67feb1 95878->95906 95880 68040e 95881 680561 95880->95881 95884 680438 95880->95884 95936 68083f IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter 
UnhandledExceptionFilter ___scrt_fastfail 95881->95936 95883 680568 95929 684e52 95883->95929 95895 680477 ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock 95884->95895 95917 69247d 95884->95917 95891 680457 95893 6804d8 95925 680959 95893->95925 95895->95893 95932 684e1a 38 API calls 3 library calls 95895->95932 95897 6804de 95898 6804f3 95897->95898 95933 680992 GetModuleHandleW 95898->95933 95900 6804fa 95900->95883 95901 6804fe 95900->95901 95902 680507 95901->95902 95934 684df5 28 API calls _abort 95901->95934 95935 680040 13 API calls 2 library calls 95902->95935 95905 68050f 95905->95891 95907 67feba 95906->95907 95938 680698 IsProcessorFeaturePresent 95907->95938 95909 67fec6 95939 682c94 10 API calls 3 library calls 95909->95939 95911 67fecb 95916 67fecf 95911->95916 95940 692317 95911->95940 95913 67fee6 95913->95880 95916->95880 95918 692494 95917->95918 95919 680a8c _ValidateLocalCookies 5 API calls 95918->95919 95920 680451 95919->95920 95920->95891 95921 692421 95920->95921 95922 692450 95921->95922 95923 680a8c _ValidateLocalCookies 5 API calls 95922->95923 95924 692479 95923->95924 95924->95895 95999 682340 95925->95999 95928 68097f 95928->95897 96001 684bcf 95929->96001 95932->95893 95933->95900 95934->95902 95935->95905 95936->95883 95938->95909 95939->95911 95944 69d1f6 95940->95944 95943 682cbd 8 API calls 3 library calls 95943->95916 95946 69d20f 95944->95946 95948 69d213 95944->95948 95962 680a8c 95946->95962 95947 67fed8 95947->95913 95947->95943 95948->95946 95950 694bfb 95948->95950 95951 694c07 __FrameHandler3::FrameUnwindToState 95950->95951 95969 692f5e EnterCriticalSection 95951->95969 95953 694c0e 95970 6950af 95953->95970 95955 694c1d 95961 694c2c 95955->95961 95983 694a8f 29 API calls 95955->95983 95958 694c27 95984 694b45 GetStdHandle GetFileType 95958->95984 95959 694c3d __fread_nolock 95959->95948 95985 694c48 LeaveCriticalSection _abort 95961->95985 95963 680a95 95962->95963 95964 680a97 
IsProcessorFeaturePresent 95962->95964 95963->95947 95966 680c5d 95964->95966 95998 680c21 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 95966->95998 95968 680d40 95968->95947 95969->95953 95971 6950bb __FrameHandler3::FrameUnwindToState 95970->95971 95972 6950c8 95971->95972 95973 6950df 95971->95973 95994 68f2d9 20 API calls _free 95972->95994 95986 692f5e EnterCriticalSection 95973->95986 95976 6950cd 95995 6927ec 26 API calls __fread_nolock 95976->95995 95978 6950d7 __fread_nolock 95978->95955 95979 6950eb 95982 695117 95979->95982 95987 695000 95979->95987 95996 69513e LeaveCriticalSection _abort 95982->95996 95983->95958 95984->95961 95985->95959 95986->95979 95988 694c7d __FrameHandler3::FrameUnwindToState 20 API calls 95987->95988 95990 695012 95988->95990 95989 69501f 95991 6929c8 _free 20 API calls 95989->95991 95990->95989 95997 693405 11 API calls 2 library calls 95990->95997 95993 695071 95991->95993 95993->95979 95994->95976 95995->95978 95996->95978 95997->95990 95998->95968 96000 68096c GetStartupInfoW 95999->96000 96000->95928 96002 684bdb __FrameHandler3::FrameUnwindToState 96001->96002 96003 684be2 96002->96003 96004 684bf4 96002->96004 96040 684d29 GetModuleHandleW 96003->96040 96025 692f5e EnterCriticalSection 96004->96025 96007 684be7 96007->96004 96041 684d6d GetModuleHandleExW 96007->96041 96011 684bfb 96013 684c70 96011->96013 96023 684c99 96011->96023 96026 6921a8 96011->96026 96014 684c88 96013->96014 96018 692421 _abort 5 API calls 96013->96018 96019 692421 _abort 5 API calls 96014->96019 96015 684ce2 96049 6a1d29 5 API calls _ValidateLocalCookies 96015->96049 96016 684cb6 96032 684ce8 96016->96032 96018->96014 96019->96023 96029 684cd9 96023->96029 96025->96011 96050 691ee1 96026->96050 96069 692fa6 LeaveCriticalSection 96029->96069 96031 684cb2 96031->96015 96031->96016 96070 69360c 96032->96070 96035 684d16 96038 684d6d _abort 8 API calls 96035->96038 96036 684cf6 GetPEB 96036->96035 96037 
684d06 GetCurrentProcess TerminateProcess 96036->96037 96037->96035 96039 684d1e ExitProcess 96038->96039 96040->96007 96042 684dba 96041->96042 96043 684d97 GetProcAddress 96041->96043 96045 684dc9 96042->96045 96046 684dc0 FreeLibrary 96042->96046 96044 684dac 96043->96044 96044->96042 96047 680a8c _ValidateLocalCookies 5 API calls 96045->96047 96046->96045 96048 684bf3 96047->96048 96048->96004 96053 691e90 96050->96053 96052 691f05 96052->96013 96054 691e9c __FrameHandler3::FrameUnwindToState 96053->96054 96061 692f5e EnterCriticalSection 96054->96061 96056 691eaa 96062 691f31 96056->96062 96060 691ec8 __fread_nolock 96060->96052 96061->96056 96063 691f59 96062->96063 96064 691f51 96062->96064 96063->96064 96067 6929c8 _free 20 API calls 96063->96067 96065 680a8c _ValidateLocalCookies 5 API calls 96064->96065 96066 691eb7 96065->96066 96068 691ed5 LeaveCriticalSection _abort 96066->96068 96067->96064 96068->96060 96069->96031 96071 693631 96070->96071 96072 693627 96070->96072 96077 692fd7 5 API calls 2 library calls 96071->96077 96074 680a8c _ValidateLocalCookies 5 API calls 96072->96074 96075 684cf2 96074->96075 96075->96035 96075->96036 96076 693648 96076->96072 96077->96076 96078 66fe73 96085 67ceb1 96078->96085 96080 66fe89 96094 67cf92 96080->96094 96082 66feb3 96106 6d359c 82 API calls __wsopen_s 96082->96106 96084 6b4ab8 96086 67ced2 96085->96086 96087 67cebf 96085->96087 96089 67ced7 96086->96089 96090 67cf05 96086->96090 96088 66aceb 23 API calls 96087->96088 96093 67cec9 96088->96093 96091 67fddb 22 API calls 96089->96091 96092 66aceb 23 API calls 96090->96092 96091->96093 96092->96093 96093->96080 96095 666270 22 API calls 96094->96095 96096 67cfc9 96095->96096 96097 669cb3 22 API calls 96096->96097 96100 67cffa 96096->96100 96098 6bd166 96097->96098 96107 666350 22 API calls 96098->96107 96100->96082 96101 6bd171 96108 67d2f0 40 API calls 96101->96108 96103 6bd184 96104 66aceb 23 API calls 96103->96104 96105 6bd188 96103->96105 96104->96105 
96105->96105 96106->96084 96107->96101 96108->96103 96109 661033 96114 664c91 96109->96114 96113 661042 96115 66a961 22 API calls 96114->96115 96116 664cff 96115->96116 96122 663af0 96116->96122 96119 664d9c 96120 661038 96119->96120 96125 6651f7 22 API calls __fread_nolock 96119->96125 96121 6800a3 29 API calls __onexit 96120->96121 96121->96113 96126 663b1c 96122->96126 96125->96119 96127 663b0f 96126->96127 96128 663b29 96126->96128 96127->96119 96128->96127 96129 663b30 RegOpenKeyExW 96128->96129 96129->96127 96130 663b4a RegQueryValueExW 96129->96130 96131 663b80 RegCloseKey 96130->96131 96132 663b6b 96130->96132 96131->96127 96132->96131 96133 66defc 96136 661d6f 96133->96136 96135 66df07 96137 661d8c 96136->96137 96145 661f6f 96137->96145 96139 661da6 96140 6a2759 96139->96140 96142 661e36 96139->96142 96143 661dc2 96139->96143 96149 6d359c 82 API calls __wsopen_s 96140->96149 96142->96135 96143->96142 96148 66289a 23 API calls 96143->96148 96146 66ec40 348 API calls 96145->96146 96147 661f98 96146->96147 96147->96139 96148->96142 96149->96142 96150 6b3f75 96151 67ceb1 23 API calls 96150->96151 96152 6b3f8b 96151->96152 96154 6b4006 96152->96154 96161 67e300 23 API calls 96152->96161 96155 66bf40 348 API calls 96154->96155 96157 6b4052 96155->96157 96160 6b4a88 96157->96160 96163 6d359c 82 API calls __wsopen_s 96157->96163 96158 6b3fe6 96158->96157 96162 6d1abf 22 API calls 96158->96162 96161->96158 96162->96154 96163->96160 96164 661044 96169 6610f3 96164->96169 96166 66104a 96205 6800a3 29 API calls __onexit 96166->96205 96168 661054 96206 661398 96169->96206 96173 66116a 96174 66a961 22 API calls 96173->96174 96175 661174 96174->96175 96176 66a961 22 API calls 96175->96176 96177 66117e 96176->96177 96178 66a961 22 API calls 96177->96178 96179 661188 96178->96179 96180 66a961 22 API calls 96179->96180 96181 6611c6 96180->96181 96182 66a961 22 API calls 96181->96182 96183 661292 96182->96183 96216 66171c 96183->96216 96187 6612c4 96188 66a961 22 API calls 
96187->96188 96189 6612ce 96188->96189 96190 671940 9 API calls 96189->96190 96191 6612f9 96190->96191 96237 661aab 96191->96237 96193 661315 96194 661325 GetStdHandle 96193->96194 96195 6a2485 96194->96195 96197 66137a 96194->96197 96196 6a248e 96195->96196 96195->96197 96198 67fddb 22 API calls 96196->96198 96199 661387 OleInitialize 96197->96199 96200 6a2495 96198->96200 96199->96166 96244 6d011d InitializeCriticalSectionAndSpinCount InterlockedExchange GetCurrentProcess GetCurrentProcess DuplicateHandle 96200->96244 96202 6a249e 96245 6d0944 CreateThread 96202->96245 96204 6a24aa CloseHandle 96204->96197 96205->96168 96246 6613f1 96206->96246 96209 6613f1 22 API calls 96210 6613d0 96209->96210 96211 66a961 22 API calls 96210->96211 96212 6613dc 96211->96212 96213 666b57 22 API calls 96212->96213 96214 661129 96213->96214 96215 661bc3 6 API calls 96214->96215 96215->96173 96217 66a961 22 API calls 96216->96217 96218 66172c 96217->96218 96219 66a961 22 API calls 96218->96219 96220 661734 96219->96220 96221 66a961 22 API calls 96220->96221 96222 66174f 96221->96222 96223 67fddb 22 API calls 96222->96223 96224 66129c 96223->96224 96225 661b4a 96224->96225 96226 661b58 96225->96226 96227 66a961 22 API calls 96226->96227 96228 661b63 96227->96228 96229 66a961 22 API calls 96228->96229 96230 661b6e 96229->96230 96231 66a961 22 API calls 96230->96231 96232 661b79 96231->96232 96233 66a961 22 API calls 96232->96233 96234 661b84 96233->96234 96235 67fddb 22 API calls 96234->96235 96236 661b96 RegisterWindowMessageW 96235->96236 96236->96187 96238 6a272d 96237->96238 96239 661abb 96237->96239 96253 6d3209 23 API calls 96238->96253 96241 67fddb 22 API calls 96239->96241 96243 661ac3 96241->96243 96242 6a2738 96243->96193 96244->96202 96245->96204 96254 6d092a 28 API calls 96245->96254 96247 66a961 22 API calls 96246->96247 96248 6613fc 96247->96248 96249 66a961 22 API calls 96248->96249 96250 661404 96249->96250 96251 66a961 22 API calls 96250->96251 96252 6613c6 
96251->96252 96252->96209 96253->96242 96255 6a2402 96258 661410 96255->96258 96259 6a24b8 DestroyWindow 96258->96259 96260 66144f mciSendStringW 96258->96260 96273 6a24c4 96259->96273 96261 6616c6 96260->96261 96262 66146b 96260->96262 96261->96262 96263 6616d5 UnregisterHotKey 96261->96263 96264 661479 96262->96264 96262->96273 96263->96261 96291 66182e 96264->96291 96267 6a2509 96272 6a252d 96267->96272 96274 6a251c FreeLibrary 96267->96274 96268 6a24d8 96268->96273 96297 666246 CloseHandle 96268->96297 96269 6a24e2 FindClose 96269->96273 96270 66148e 96270->96272 96278 66149c 96270->96278 96275 6a2541 VirtualFree 96272->96275 96280 661509 96272->96280 96273->96267 96273->96268 96273->96269 96274->96267 96275->96272 96276 6614f8 CoUninitialize 96276->96280 96277 6a2589 96283 6a2598 ISource 96277->96283 96298 6d32eb 6 API calls ISource 96277->96298 96278->96276 96280->96277 96281 661514 96280->96281 96295 661944 VirtualFreeEx CloseHandle 96281->96295 96287 6a2627 96283->96287 96299 6c64d4 22 API calls ISource 96283->96299 96285 66153a 96285->96283 96286 66161f 96285->96286 96286->96287 96288 66166d 96286->96288 96287->96287 96288->96287 96296 661876 CloseHandle InternetCloseHandle InternetCloseHandle WaitForSingleObject 96288->96296 96290 6616c1 96293 66183b 96291->96293 96292 661480 96292->96267 96292->96270 96293->96292 96300 6c702a 22 API calls 96293->96300 96295->96285 96296->96290 96297->96268 96298->96277 96299->96283 96300->96293 96301 6b2a00 96317 66d7b0 ISource 96301->96317 96302 66db11 PeekMessageW 96302->96317 96303 66d807 GetInputState 96303->96302 96303->96317 96304 6b1cbe TranslateAcceleratorW 96304->96317 96306 66db8f PeekMessageW 96306->96317 96307 66da04 timeGetTime 96307->96317 96308 66db73 TranslateMessage DispatchMessageW 96308->96306 96309 66dbaf Sleep 96309->96317 96310 6b2b74 Sleep 96323 6b2a51 96310->96323 96313 6b1dda timeGetTime 96369 67e300 23 API calls 96313->96369 96314 6cd4dc 47 API calls 96314->96323 96316 6b2c0b GetExitCodeProcess 
96321 6b2c21 WaitForSingleObject 96316->96321 96322 6b2c37 CloseHandle 96316->96322 96317->96302 96317->96303 96317->96304 96317->96306 96317->96307 96317->96308 96317->96309 96317->96310 96317->96313 96320 66d9d5 96317->96320 96317->96323 96328 66ec40 348 API calls 96317->96328 96330 671310 348 API calls 96317->96330 96331 66bf40 348 API calls 96317->96331 96333 66dd50 96317->96333 96340 66dfd0 96317->96340 96363 67edf6 96317->96363 96368 67e551 timeGetTime 96317->96368 96370 6d3a2a 23 API calls 96317->96370 96371 6d359c 82 API calls __wsopen_s 96317->96371 96318 6f29bf GetForegroundWindow 96318->96323 96321->96317 96321->96322 96322->96323 96323->96314 96323->96316 96323->96317 96323->96318 96323->96320 96324 6b2ca9 Sleep 96323->96324 96372 6e5658 23 API calls 96323->96372 96373 6ce97b QueryPerformanceCounter QueryPerformanceFrequency Sleep QueryPerformanceCounter Sleep 96323->96373 96374 67e551 timeGetTime 96323->96374 96324->96317 96328->96317 96330->96317 96331->96317 96334 66dd83 96333->96334 96335 66dd6f 96333->96335 96407 6d359c 82 API calls __wsopen_s 96334->96407 96375 66d260 96335->96375 96338 66dd7a 96338->96317 96339 6b2f75 96339->96339 96341 66e010 96340->96341 96358 66e0dc ISource 96341->96358 96416 680242 5 API calls __Init_thread_wait 96341->96416 96344 6b2fca 96346 66a961 22 API calls 96344->96346 96344->96358 96345 66a961 22 API calls 96345->96358 96349 6b2fe4 96346->96349 96347 66a81b 41 API calls 96347->96358 96417 6800a3 29 API calls __onexit 96349->96417 96351 6b2fee 96418 6801f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96351->96418 96354 66ec40 348 API calls 96354->96358 96355 6d359c 82 API calls 96355->96358 96358->96345 96358->96347 96358->96354 96358->96355 96359 66e3e1 96358->96359 96360 6704f0 22 API calls 96358->96360 96414 66a8c7 22 API calls __fread_nolock 96358->96414 96415 67a308 348 API calls 96358->96415 96419 680242 5 API calls __Init_thread_wait 96358->96419 96420 6800a3 29 API calls __onexit 96358->96420 
96421 6801f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96358->96421 96422 6e47d4 348 API calls 96358->96422 96423 6e68c1 348 API calls 96358->96423 96359->96317 96360->96358 96364 67ee12 96363->96364 96366 67ee09 96363->96366 96365 67ee36 IsDialogMessageW 96364->96365 96364->96366 96367 6befaf GetClassLongW 96364->96367 96365->96364 96365->96366 96366->96317 96367->96364 96367->96365 96368->96317 96369->96317 96370->96317 96371->96317 96372->96323 96373->96323 96374->96323 96376 66ec40 348 API calls 96375->96376 96392 66d29d 96376->96392 96377 6b1bc4 96413 6d359c 82 API calls __wsopen_s 96377->96413 96379 66d30b ISource 96379->96338 96380 66d6d5 96380->96379 96390 67fe0b 22 API calls 96380->96390 96381 66d3c3 96381->96380 96382 66d3ce 96381->96382 96384 67fddb 22 API calls 96382->96384 96383 66d5ff 96385 66d614 96383->96385 96386 6b1bb5 96383->96386 96394 66d3d5 __fread_nolock 96384->96394 96388 67fddb 22 API calls 96385->96388 96412 6e5705 23 API calls 96386->96412 96387 66d4b8 96391 67fe0b 22 API calls 96387->96391 96399 66d46a 96388->96399 96390->96394 96402 66d429 ISource __fread_nolock 96391->96402 96392->96377 96392->96379 96392->96380 96392->96381 96392->96387 96395 67fddb 22 API calls 96392->96395 96392->96402 96393 67fddb 22 API calls 96396 66d3f6 96393->96396 96394->96393 96394->96396 96395->96392 96396->96402 96408 66bec0 348 API calls 96396->96408 96398 6b1ba4 96411 6d359c 82 API calls __wsopen_s 96398->96411 96399->96338 96401 661f6f 348 API calls 96401->96402 96402->96383 96402->96398 96402->96399 96402->96401 96403 6b1b7f 96402->96403 96405 6b1b5d 96402->96405 96410 6d359c 82 API calls __wsopen_s 96403->96410 96409 6d359c 82 API calls __wsopen_s 96405->96409 96407->96339 96408->96402 96409->96399 96410->96399 96411->96399 96412->96377 96413->96379 96414->96358 96415->96358 96416->96344 96417->96351 96418->96358 96419->96358 96420->96358 96421->96358 96422->96358 96423->96358 96424 698402 96429 6981be 96424->96429 96427 69842a 

Control-flow Graph
• Rendered graph omitted; entry block 6642de-66434d (call 66a961, GetVersionExW, call 666b57)
APIs
• GetVersionExW.KERNEL32(?), ref: 0066430D
  • Part of subcall function 00666B57: _wcslen.LIBCMT ref: 00666B6A
• GetCurrentProcess.KERNEL32(?,006FCB64,00000000,?,?), ref: 00664422
• IsWow64Process.KERNEL32(00000000,?,?), ref: 00664429
• LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00664454
• GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00664466
• GetNativeSystemInfo.KERNEL32(?,?,?), ref: 00664474
• FreeLibrary.KERNEL32(00000000,?,?), ref: 0066447B
• GetSystemInfo.KERNEL32(?,?,?), ref: 006644A0
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
• String ID: GetNativeSystemInfo$kernel32.dll$|O
• API String ID: 3290436268-3101561225
• Opcode ID: bd2738eb64e9cb523d0c7ae7bd172129eb58d6f7da2d90ef2c137649f9a54624
• Instruction ID: 5a52d9807434740b547f8faba4454ddbe3f2462584e38d709e74dd281180681d
• Opcode Fuzzy Hash: bd2738eb64e9cb523d0c7ae7bd172129eb58d6f7da2d90ef2c137649f9a54624
• Instruction Fuzzy Hash: 2DA1B77290A3D0DFE711D7797D411E57FE6AB27342B88D899E08193B22DA384909CF2D

Control-flow Graph
• Rendered graph omitted; entry block 6642a2-6642ba (CreateStreamOnHGlobal)
APIs
• CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,006650AA,?,?,00000000,00000000), ref: 006642B2
• FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,006650AA,?,?,00000000,00000000), ref: 006642C9
• LoadResource.KERNEL32(?,00000000,?,?,006650AA,?,?,00000000,00000000,?,?,?,?,?,?,00664F20), ref: 006A35BE
• SizeofResource.KERNEL32(?,00000000,?,?,006650AA,?,?,00000000,00000000,?,?,?,?,?,?,00664F20), ref: 006A35D3
• LockResource.KERNEL32(006650AA,?,?,006650AA,?,?,00000000,00000000,?,?,?,?,?,?,00664F20,?), ref: 006A35E6
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: Resource$CreateFindGlobalLoadLockSizeofStream
• String ID: SCRIPT
• API String ID: 3051347437-3967369404
• Opcode ID: cee9b974825a9c41f18bd561c77f076896e5834efad92a62aa62e28af53de970
• Instruction ID: 711b33a7bbf716ce34c5d1b0e6ba9c378f6f0e8d93f9ca1694ba436ef7a9f6b6
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cee9b974825a9c41f18bd561c77f076896e5834efad92a62aa62e28af53de970
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 60115A70200604AFD7218B65DD59F677BBEEFC5B61F204169F40296250DB71DD10DA20

Control-flow Graph

APIs
• SetCurrentDirectoryW.KERNEL32(?), ref: 00662B6B
  • Part of subcall function 00663A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00731418,?,00662E7F,?,?,?,00000000), ref: 00663A78
  • Part of subcall function 00669CB3: _wcslen.LIBCMT ref: 00669CBD
• GetForegroundWindow.USER32(runas,?,?,?,?,?,00722224), ref: 006A2C10
• ShellExecuteW.SHELL32(00000000,?,?,00722224), ref: 006A2C17
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
• String ID: runas
• API String ID: 448630720-4000483414
• Opcode ID: 232efffb56e89607a0c8e2bbcfde144e8bac6154229295ef589d8b8366fd3f40
• Instruction ID: f9fd44e8387d5140de24f7db131ccac93aea96eec484e9f5396f92d0e5b443b1
• Opcode Fuzzy Hash: 232efffb56e89607a0c8e2bbcfde144e8bac6154229295ef589d8b8366fd3f40
• Instruction Fuzzy Hash: B2113B31208396ABC744FF60E8619BEB7ABEF91354F44142CF482132A3CF35894AD716
APIs
• CreateToolhelp32Snapshot.KERNEL32 ref: 006CD501
• Process32FirstW.KERNEL32(00000000,?), ref: 006CD50F
• Process32NextW.KERNEL32(00000000,?), ref: 006CD52F
• CloseHandle.KERNEL32(00000000), ref: 006CD5DC
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
• String ID:
• API String ID: 420147892-0
• Opcode ID: e042694bfd0331ae8c83c8b9d4dfd36f71818ccd4cc3b613c09130f8b4f03928
• Instruction ID: 746ceb802ccc82ae5d18cd813014b8890b87c50a68c67219b9a70275a365fec1
• Opcode Fuzzy Hash: e042694bfd0331ae8c83c8b9d4dfd36f71818ccd4cc3b613c09130f8b4f03928
• Instruction Fuzzy Hash: D531AF71008300AFD304EF54C881EBFBBEAEF99354F50092DF581932A1EB719948CBA2
APIs
• lstrlenW.KERNEL32(?,006A5222), ref: 006CDBCE
• GetFileAttributesW.KERNEL32(?), ref: 006CDBDD
• FindFirstFileW.KERNEL32(?,?), ref: 006CDBEE
• FindClose.KERNEL32(00000000), ref: 006CDBFA
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: FileFind$AttributesCloseFirstlstrlen
• String ID:
• API String ID: 2695905019-0
• Opcode ID: 2387fd514fb65989fbc13f40ec65daa5bdc779fc415cd63a54a5ae4cc2ad6441
• Instruction ID: e5b1834e1c631d0ae5ba7ed3fbc5a4696fa7f032e9d717edcb4364d14001114c
• Opcode Fuzzy Hash: 2387fd514fb65989fbc13f40ec65daa5bdc779fc415cd63a54a5ae4cc2ad6441
• Instruction Fuzzy Hash: F3F0E57081091857C3206B7CAE0DDBA376EDE01374B10571AF836C22F0EBB06E55C6D5
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: LocalTime
• String ID: %.3d$X64
• API String ID: 481472006-1077770165
APIs
• GetCurrentProcess.KERNEL32(006928E9,?,00684CBE,006928E9,007288B8,0000000C,00684E15,006928E9,00000002,00000000,?,006928E9), ref: 00684D09
• TerminateProcess.KERNEL32(00000000,?,00684CBE,006928E9,007288B8,0000000C,00684E15,006928E9,00000002,00000000,?,006928E9), ref: 00684D10
• ExitProcess.KERNEL32 ref: 00684D22
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
Similarity
• API ID: Process$CurrentExitTerminate
• String ID:
• API String ID: 1703294689-0
APIs
• GetUserNameW.ADVAPI32(?,?), ref: 006BD28C
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
Similarity
• API ID: NameUser
• String ID: X64
• API String ID: 2645101109-893830106
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
Similarity
• API ID: BuffCharUpper
• String ID: p#s
• API String ID: 3964851224-3692422821

Control-flow Graph
APIs
• _wcslen.LIBCMT ref: 006EB198
• GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 006EB1B0
• GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 006EB1D4
• _wcslen.LIBCMT ref: 006EB200
• GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 006EB214
• GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 006EB236
• _wcslen.LIBCMT ref: 006EB332
  • Part of subcall function 006D05A7: GetStdHandle.KERNEL32(000000F6), ref: 006D05C6
• _wcslen.LIBCMT ref: 006EB34B
• _wcslen.LIBCMT ref: 006EB366
• CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 006EB3B6
• GetLastError.KERNEL32(00000000), ref: 006EB407
• CloseHandle.KERNEL32(?), ref: 006EB439
• CloseHandle.KERNEL32(00000000), ref: 006EB44A
• CloseHandle.KERNEL32(00000000), ref: 006EB45C
• CloseHandle.KERNEL32(00000000), ref: 006EB46E
• CloseHandle.KERNEL32(?), ref: 006EB4E3
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
• String ID:
• API String ID: 2178637699-0
• Opcode ID: 5b3c5c858f6aafc21c6c7a6dbdc46080555ff35fecbd8a3b7998247e97c14246
• Instruction ID: c3844967ae81470426fe26332628683943f56aa53afb31edf6c306f6d11dbef4
• Opcode Fuzzy Hash: 5b3c5c858f6aafc21c6c7a6dbdc46080555ff35fecbd8a3b7998247e97c14246
• Instruction Fuzzy Hash: 8EF19A315093809FC754EF25C891B6FBBE2AF85314F14855DF8998B2A2DB31EC44CB96
APIs
• GetInputState.USER32 ref: 0066D807
• timeGetTime.WINMM ref: 0066DA07
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0066DB28
• TranslateMessage.USER32(?), ref: 0066DB7B
• DispatchMessageW.USER32(?), ref: 0066DB89
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0066DB9F
• Sleep.KERNEL32(0000000A), ref: 0066DBB1
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
• String ID:
• API String ID: 2189390790-0
• Opcode ID: 2569b25e8ee3424bd97a0f330166ab125f4f61c5b83c4c43ea3d174dc9e115cd
• Instruction ID: f9211105aad10441ac6bc8db3177ad7f3244e25687e17cc95fdadbd7289cc150
• Opcode Fuzzy Hash: 2569b25e8ee3424bd97a0f330166ab125f4f61c5b83c4c43ea3d174dc9e115cd
• Instruction Fuzzy Hash: 0742D1B0B08242EFD728CF24C894BEAB7E2BF46314F14865DE4558B391D774E885CB96

Control-flow Graph

APIs
• GetSysColorBrush.USER32(0000000F), ref: 00662D07
• RegisterClassExW.USER32(00000030), ref: 00662D31
• RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00662D42
• InitCommonControlsEx.COMCTL32(?), ref: 00662D5F
• ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00662D6F
• LoadIconW.USER32(000000A9), ref: 00662D85
• ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00662D94
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2914291525-1005189915
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: c73ec590fd5a404de956455bcddc5e712261e2b75dee4101f0a68c0286fb050e
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 2358c576d8e4f9733f8a2bb3e118f0359f3b94cc969b88de5583beea7d33a0ca
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c73ec590fd5a404de956455bcddc5e712261e2b75dee4101f0a68c0286fb050e
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C221E3B190124CEFEB00DFA4E949BEDBBB5FB08711F00811AF611A62A0D7B51544CF95

Control-flow Graph

control_flow_graph 457 6a065b-6a068b call 6a042f 460 6a068d-6a0698 call 68f2c6 457->460 461 6a06a6-6a06b2 call 695221 457->461 466 6a069a-6a06a1 call 68f2d9 460->466 467 6a06cb-6a0714 call 6a039a 461->467 468 6a06b4-6a06c9 call 68f2c6 call 68f2d9 461->468 477 6a097d-6a0983 466->477 475 6a0781-6a078a GetFileType 467->475 476 6a0716-6a071f 467->476 468->466 481 6a078c-6a07bd GetLastError call 68f2a3 CloseHandle 475->481 482 6a07d3-6a07d6 475->482 479 6a0721-6a0725 476->479 480 6a0756-6a077c GetLastError call 68f2a3 476->480 479->480 486 6a0727-6a0754 call 6a039a 479->486 480->466 481->466 496 6a07c3-6a07ce call 68f2d9 481->496 484 6a07d8-6a07dd 482->484 485 6a07df-6a07e5 482->485 489 6a07e9-6a0837 call 69516a 484->489 485->489 490 6a07e7 485->490 486->475 486->480 499 6a0839-6a0845 call 6a05ab 489->499 500 6a0847-6a086b call 6a014d 489->500 490->489 496->466 506 6a086f-6a0879 call 6986ae 499->506 507 6a087e-6a08c1 500->507 508 6a086d 500->508 506->477 509 6a08e2-6a08f0 507->509 510 6a08c3-6a08c7 507->510 508->506 514 6a097b 509->514 515 6a08f6-6a08fa 509->515 510->509 513 6a08c9-6a08dd 510->513 513->509 514->477 515->514 516 6a08fc-6a092f CloseHandle call 6a039a 515->516 519 6a0963-6a0977 516->519 520 6a0931-6a095d GetLastError call 68f2a3 call 695333 516->520 519->514 520->519
APIs
  • Part of subcall function 006A039A: CreateFileW.KERNEL32(00000000,00000000,?,006A0704,?,?,00000000,?,006A0704,00000000,0000000C), ref: 006A03B7
• GetLastError.KERNEL32 ref: 006A076F
• __dosmaperr.LIBCMT ref: 006A0776
• GetFileType.KERNEL32(00000000), ref: 006A0782
• GetLastError.KERNEL32 ref: 006A078C
• __dosmaperr.LIBCMT ref: 006A0795
• CloseHandle.KERNEL32(00000000), ref: 006A07B5
• CloseHandle.KERNEL32(?), ref: 006A08FF
• GetLastError.KERNEL32 ref: 006A0931
• __dosmaperr.LIBCMT ref: 006A0938
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
• String ID: H
• API String ID: 4237864984-2852464175
• Opcode ID: 1fa2fb08f3fe92468f6261fa0de295bfbbe8c94eb1b43458fe05f6958b3ec59b
• Instruction ID: b7b12ef1895e3d5bf9a973da21d1c36ba55428da306ea05d19b47e7a04bfead1
• Opcode Fuzzy Hash: 1fa2fb08f3fe92468f6261fa0de295bfbbe8c94eb1b43458fe05f6958b3ec59b
• Instruction Fuzzy Hash: B2A11432A001098FEF19BF68D861BAE7BA2AB07324F14415DF815EB391DB359D12CF95

Control-flow Graph

APIs
  • Part of subcall function 00663A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00731418,?,00662E7F,?,?,?,00000000), ref: 00663A78
  • Part of subcall function 00663357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00663379
• RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 0066356A
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 006A318D
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 006A31CE
• RegCloseKey.ADVAPI32(?), ref: 006A3210
• _wcslen.LIBCMT ref: 006A3277
• _wcslen.LIBCMT ref: 006A3286
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
• String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
• API String ID: 98802146-2727554177
• Opcode ID: cdd1f4224133046e30ffe6cedfc71316adac6e080e30462986272df3c0ed98d1
• Instruction ID: 718e41b3cba46621feece6863cce2a5aa1522f02dfc61a6839c7617547e2c88c
• Opcode Fuzzy Hash: cdd1f4224133046e30ffe6cedfc71316adac6e080e30462986272df3c0ed98d1
• Instruction Fuzzy Hash: EE7104714043009ED314EF65EC829ABBBE9FF85350F50852EF545C3262EB389A09CF6A

                                                                                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetSysColorBrush.USER32(0000000F), ref: 00662B8E
                                                                                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F00), ref: 00662B9D
                                                                                                                                                                                                                                                                                                                                                            • LoadIconW.USER32(00000063), ref: 00662BB3
                                                                                                                                                                                                                                                                                                                                                            • LoadIconW.USER32(000000A4), ref: 00662BC5
                                                                                                                                                                                                                                                                                                                                                            • LoadIconW.USER32(000000A2), ref: 00662BD7
                                                                                                                                                                                                                                                                                                                                                            • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00662BEF
                                                                                                                                                                                                                                                                                                                                                            • RegisterClassExW.USER32(?), ref: 00662C40
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00662CD4: GetSysColorBrush.USER32(0000000F), ref: 00662D07
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00662CD4: RegisterClassExW.USER32(00000030), ref: 00662D31
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00662CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00662D42
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00662CD4: InitCommonControlsEx.COMCTL32(?), ref: 00662D5F
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00662CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00662D6F
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00662CD4: LoadIconW.USER32(000000A9), ref: 00662D85
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00662CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00662D94
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
• String ID: #$0$AutoIt v3
• API String ID: 423443420-4155596026
• Opcode ID: 7ab16b38a126fab239f350a798282a5d4cd478efedfcd9af2029389785e06300
• Instruction ID: 06bd3b3e4032b93ca09bd3817d83c519e9271feb886a565abb265b16e691ec7f
• Opcode Fuzzy Hash: 7ab16b38a126fab239f350a798282a5d4cd478efedfcd9af2029389785e06300
• Instruction Fuzzy Hash: 09213EB1E00318AFEB109FA6ED55BAD7FB5FB48B51F40801AF500A66A0D7B91544CF98
APIs
• __Init_thread_footer.LIBCMT ref: 0066BB4E
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: Init_thread_footer
• String ID: p#s$p#s$p#s$p#s$p%s$p%s$x#s$x#s
• API String ID: 1385522511-2360114552
• Opcode ID: b91bff8c3b632d9abd8e5fc24be767aa2532fd94c10adc22f0d6f0f5d463a830
• Instruction ID: 0ffa783945305ebeaa916a4bcb14913054f5edfc079f1e3f5ce5aa1a216835b9
• Opcode Fuzzy Hash: b91bff8c3b632d9abd8e5fc24be767aa2532fd94c10adc22f0d6f0f5d463a830
• Instruction Fuzzy Hash: BC328E74A00209DFEB24CF58C894AFEBBBBEF45314F148059E905AB352D774AD82CB95

Control-flow Graph

control_flow_graph 805 663170-663185 806 663187-66318a 805->806 807 6631e5-6631e7 805->807 808 66318c-663193 806->808 809 6631eb 806->809 807->806 810 6631e9 807->810 811 663265-66326d PostQuitMessage 808->811 812 663199-66319e 808->812 814 6a2dfb-6a2e23 call 6618e2 call 67e499 809->814 815 6631f1-6631f6 809->815 813 6631d0-6631d8 DefWindowProcW 810->813 820 663219-66321b 811->820 817 6631a4-6631a8 812->817 818 6a2e7c-6a2e90 call 6cbf30 812->818 819 6631de-6631e4 813->819 849 6a2e28-6a2e2f 814->849 821 66321d-663244 SetTimer RegisterWindowMessageW 815->821 822 6631f8-6631fb 815->822 824 6a2e68-6a2e72 call 6cc161 817->824 825 6631ae-6631b3 817->825 818->820 843 6a2e96 818->843 820->819 821->820 826 663246-663251 CreatePopupMenu 821->826 828 6a2d9c-6a2d9f 822->828 829 663201-66320f KillTimer call 6630f2 822->829 839 6a2e77 824->839 832 6a2e4d-6a2e54 825->832 833 6631b9-6631be 825->833 826->820 835 6a2da1-6a2da5 828->835 836 6a2dd7-6a2df6 MoveWindow 828->836 838 663214 call 663c50 829->838 832->813 846 6a2e5a-6a2e63 call 6c0ad7 832->846 841 6631c4-6631ca 833->841 842 663253-663263 call 66326f 833->842 844 6a2dc6-6a2dd2 SetFocus 835->844 845 6a2da7-6a2daa 835->845 836->820 838->820 839->820 841->813 841->849 842->820 843->813 844->820 845->841 850 6a2db0-6a2dc1 call 6618e2 845->850 846->813 849->813 854 6a2e35-6a2e48 call 6630f2 call 663837 849->854 850->820 854->813
APIs
• DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,0066316A,?,?), ref: 006631D8
• KillTimer.USER32(?,00000001,?,?,?,?,?,0066316A,?,?), ref: 00663204
• SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00663227
• RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,0066316A,?,?), ref: 00663232
• CreatePopupMenu.USER32 ref: 00663246
• PostQuitMessage.USER32(00000000), ref: 00663267
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                                                                                                                                                                                                                                                                                                            • String ID: TaskbarCreated
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 129472671-2362178303
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 9b2893b98b37be6b7a3248b4a14343c3ed7fed4c42e238a1f48b7b20614acabc
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 40c03c5e1285774447ce30496f7b3a0fc9527063f9f59a64a7f984920a82b57a
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9b2893b98b37be6b7a3248b4a14343c3ed7fed4c42e238a1f48b7b20614acabc
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CF415931240264A7EB142B7C9D6DBF93B5FEB06350F444129FA02C63A2C77A9F41CB69
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID:
• String ID: D%s$D%s$D%s$D%s$D%sD%s$Variable must be of type 'Object'.
• API String ID: 0-2674537417
• Opcode ID: f523d2d67b4d8e5910281a395a74af00425267d7f70f02caefc4eb4d426ee753
• Instruction ID: 54d5ac25259c226e07e9547a5061c8e843725ac947e863eb161adc6c52f697dc
• Opcode Fuzzy Hash: f523d2d67b4d8e5910281a395a74af00425267d7f70f02caefc4eb4d426ee753
• Instruction Fuzzy Hash: B1C29F79A00215CFDB24CF58C880AADB7F2FF09310F248569E915AB351D776ED82CB95
APIs
• __Init_thread_footer.LIBCMT ref: 0066FE66
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: Init_thread_footer
• String ID: D%s$D%s$D%s$D%s$D%sD%s
• API String ID: 1385522511-1934892366
• Opcode ID: c566c17f2918a6d9c3b1992c559dad056c0b50962b5a0f7cec367ce40d8107a5
• Instruction ID: fd34d0ea5a0e6e0d4628955b3b80be10322c22908a357136835fdde43fdf5c60
• Opcode Fuzzy Hash: c566c17f2918a6d9c3b1992c559dad056c0b50962b5a0f7cec367ce40d8107a5
• Instruction Fuzzy Hash: 83B29E74608340CFDB64CF18D490A6AB7E2BF99310F24896DF8859B352DB75ED81CB92

Control-flow Graph
(graph of the function starting at 00661410, with executed and not-executed basic blocks; the rendered graph data is not reproduced here)
APIs
• mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00661459
• CoUninitialize.COMBASE ref: 006614F8
• UnregisterHotKey.USER32(?), ref: 006616DD
• DestroyWindow.USER32(?), ref: 006A24B9
• FreeLibrary.KERNEL32(?), ref: 006A251E
• VirtualFree.KERNEL32(?,00000000,00008000), ref: 006A254B
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
• String ID: close all
• API String ID: 469580280-3243417748
• Opcode ID: 57ef0ec25e26eebc46062e8b2ee7a9479f0f28790563f8df6c6f946d4d7ffae9
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: adb5fd5f5edab60a22dbd3c3aa44bbe7ffd8857298ef00f3999067748d4002be
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 57ef0ec25e26eebc46062e8b2ee7a9479f0f28790563f8df6c6f946d4d7ffae9
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5BD1A031B01212CFCB19EF19C5A5A69F7A6BF06710F18819DE84AAB351DB30ED12CF54

Control-flow Graph (rendered graph not available in text; basic blocks 6cde27-6cdef6 calling WSAStartup, gethostname, gethostbyname, inet_ntoa and WSACleanup)
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
• String ID: 0.0.0.0
• API String ID: 642191829-3771769585
• Opcode ID: 3768f75718864550954cdf343d1ae51e06dcf775dc4a0cb43958a1c7a2cb735a
• Instruction ID: 5e40a65e251af8d015802952f246877d6c126af16d8bdaa06e3358638d2f95e7
• Opcode Fuzzy Hash: 3768f75718864550954cdf343d1ae51e06dcf775dc4a0cb43958a1c7a2cb735a
• Instruction Fuzzy Hash: 15110671904119AFCB60BB24DD0AEFE77AEDF18720F01017EF50996191EF718A81CBA0

Control-flow Graph (rendered graph not available in text; single basic block 662c63-662cd3 calling CreateWindowExW twice and ShowWindow twice)
APIs
• CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00662C91
• CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00662CB2
• ShowWindow.USER32(00000000,?,?,?,?,?,?,00661CAD,?), ref: 00662CC6
• ShowWindow.USER32(00000000,?,?,?,?,?,?,00661CAD,?), ref: 00662CCF
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: Window$CreateShow
• String ID: AutoIt v3$edit
• API String ID: 1584632944-3779509399
• Opcode ID: ca2a4d7225a3308f2f09c16042fc4efbe31d91e09fe36702e1c11e65ca3114cc
• Instruction ID: 29c16b1ff0223cf9467fef86ea3bee99f1dcce29ca072ac8ca52961a73a235cf
• Opcode Fuzzy Hash: ca2a4d7225a3308f2f09c16042fc4efbe31d91e09fe36702e1c11e65ca3114cc
• Instruction Fuzzy Hash: C2F03A755402987AFB301B13AC18EB72FBED7C6F61B40801AFA00A35A0C2690844DEB8

Control-flow Graph (rendered graph not available in text; basic blocks 663b1c-663b9b calling RegOpenKeyExW, RegQueryValueExW and RegCloseKey)
APIs
• RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00663B0F,SwapMouseButtons,00000004,?), ref: 00663B40
• RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00663B0F,SwapMouseButtons,00000004,?), ref: 00663B61
• RegCloseKey.KERNEL32(00000000,?,?,?,80000001,80000001,?,00663B0F,SwapMouseButtons,00000004,?), ref: 00663B83
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: CloseOpenQueryValue
• String ID: Control Panel\Mouse
• API String ID: 3677997916-824357125
• Opcode ID: 4979c42979eca9b386a7a7ee6f17716c1171567670a2b23b5f44207b6f8e54bd
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: d01d1c99ce9aaa5657a5706a50c93a3381b8f70412bd86f71d55f1393cd92adb
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4979c42979eca9b386a7a7ee6f17716c1171567670a2b23b5f44207b6f8e54bd
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A0115AB1510218FFDB208FA4DC44EEEB7B9EF21754B104459A801D7210D6319E419760

Control-flow Graph
• (graph image omitted) Basic blocks 6bd3a0-6bd3eb: the GetProcAddress call is in block 6bd3b9-6bd3c7, the FreeLibrary call in block 6bd3e4-6bd3eb; both paths return through 6bd292-6bd2a8, which ends in a self-looping block at 6bd2a9.
APIs
• GetProcAddress.KERNEL32(?,GetSystemWow64DirectoryW), ref: 006BD3BF
• FreeLibrary.KERNEL32 ref: 006BD3E5
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: AddressFreeLibraryProc
• String ID: GetSystemWow64DirectoryW$X64
• API String ID: 3013587201-2590602151
• Opcode ID: 3289b1074e8af29cac5bf2a0d4fa9b9978e6804b9705eb155d4fcb6cc99d8a53
• Instruction ID: c79dcbd2ccb94b1c68aad9dce5954fbbc52bb61eee7fea097b947426ca7f8ae9
• Opcode Fuzzy Hash: 3289b1074e8af29cac5bf2a0d4fa9b9978e6804b9705eb155d4fcb6cc99d8a53
• Instruction Fuzzy Hash: EEF055E2802A659BD3314B208D24DF93723AF01B01B589128EA02E920AF734CEC98382
APIs
• LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 006A33A2
  • Part of subcall function 00666B57: _wcslen.LIBCMT ref: 00666B6A
• Shell_NotifyIconW.SHELL32(00000001,?), ref: 00663A04
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: IconLoadNotifyShell_String_wcslen
• String ID: Line:
• API String ID: 2289894680-1585850449
• Opcode ID: cc952582664536f16f782948d8e5d477ddd0df013574ca7c752c3c359ad65abc
• Instruction ID: c349b98b46dbc069f68c7c219917ae7a88fdfff6f14d49bf4dd8ba8f1d982908
• Opcode Fuzzy Hash: cc952582664536f16f782948d8e5d477ddd0df013574ca7c752c3c359ad65abc
• Instruction Fuzzy Hash: 1E31D471408324AED765EB20DC45BEBB7DAAF40710F00462EF599932D1EF749A49CBCA
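The function records above (APIs, Strings, Memory Dump Source, Similarity) are easier to triage in bulk than one at a time, for instance to list every function that resolves an import at run time through GetProcAddress, as the GetSystemWow64DirectoryW lookup does. The following parser is an added example and is not part of the Joe Sandbox report or its tooling; it assumes the record layout exactly as it appears on this page (a leading "APIs" line starts each record, bullet lines carry "Name.MODULE(args), ref: ADDR", and Similarity keys are "Key: value"). The embedded sample is a shortened excerpt of the two records immediately above. The Joe Sandbox API ID and String ID values are parsed, not recomputed, since their derivation is not documented on this page.

```python
"""Parse the per-function records of a Joe Sandbox report into structured
data and flag functions that resolve imports at run time via GetProcAddress.
Added example; not part of the report or of Joe Sandbox's own tooling.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Shortened excerpt of two records from this report (leading whitespace dropped).
SAMPLE_REPORT = """\
APIs
• GetProcAddress.KERNEL32(?,GetSystemWow64DirectoryW), ref: 006BD3BF
• FreeLibrary.KERNEL32 ref: 006BD3E5
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: AddressFreeLibraryProc
• String ID: GetSystemWow64DirectoryW$X64
• API String ID: 3013587201-2590602151
• Opcode ID: 3289b1074e8af29cac5bf2a0d4fa9b9978e6804b9705eb155d4fcb6cc99d8a53
APIs
• LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 006A33A2
  • Part of subcall function 00666B57: _wcslen.LIBCMT ref: 00666B6A
• Shell_NotifyIconW.SHELL32(00000001,?), ref: 00663A04
Strings
Similarity
• API ID: IconLoadNotifyShell_String_wcslen
• String ID: Line:
• API String ID: 2289894680-1585850449
• Opcode ID: cc952582664536f16f782948d8e5d477ddd0df013574ca7c752c3c359ad65abc
"""

# "• [Part of subcall function ADDR: ]Name.MODULE[(args)][,] ref: ADDR"
API_RE = re.compile(
    r"•\s*(?:Part of subcall function (?P<sub>[0-9A-F]{8}): )?"
    r"(?P<name>[A-Za-z0-9_@]+)\.(?P<module>[A-Z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,? ref: (?P<ref>[0-9A-F]{8})"
)
# "• Key: value" lines of the Memory Dump Source / IDA Plugin / Similarity sections
KV_RE = re.compile(r"•\s*(?P<key>[A-Za-z ]+?):\s*(?P<val>.*)")
SECTION_HEADERS = {"Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}


@dataclass
class ApiCall:
    name: str
    module: str
    args: list[str]
    ref: str                      # call-site address in the dump
    subcall_of: str | None = None  # set when the call lives in a called sub-function


@dataclass
class FunctionRecord:
    apis: list[ApiCall] = field(default_factory=list)
    meta: dict[str, str] = field(default_factory=dict)

    @property
    def strings(self) -> list[str]:
        # Joe Sandbox joins the referenced strings with '$' in the String ID line.
        return [s for s in self.meta.get("String ID", "").split("$") if s]

    def dynamic_imports(self) -> list[str]:
        """Export names passed to GetProcAddress, i.e. imports resolved at run time."""
        return [c.args[1] for c in self.apis
                if c.name == "GetProcAddress" and len(c.args) >= 2 and c.args[1] != "?"]


def parse_records(text: str) -> list[FunctionRecord]:
    records: list[FunctionRecord] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":                 # every record starts with its APIs block
            records.append(FunctionRecord())
            section = "APIs"
            continue
        if not records:
            continue                        # text before the first record
        if line in SECTION_HEADERS:
            section = line
            continue
        rec = records[-1]
        if section == "APIs":
            m = API_RE.match(line)
            if m:
                args = m["args"].split(",") if m["args"] is not None else []
                rec.apis.append(ApiCall(m["name"], m["module"], args, m["ref"], m["sub"]))
        else:
            m = KV_RE.match(line)
            if m:
                rec.meta[m["key"]] = m["val"]
    return records


def triage(records: list[FunctionRecord]) -> list[dict]:
    """One summary row per function, keyed by Opcode ID, for quick review."""
    return [{"opcode_id": r.meta.get("Opcode ID", "?")[:16],
             "apis": [c.name for c in r.apis],
             "dynamic_imports": r.dynamic_imports(),
             "strings": r.strings} for r in records]


if __name__ == "__main__":
    for row in triage(parse_records(SAMPLE_REPORT)):
        flag = "DYNAMIC-RESOLVE" if row["dynamic_imports"] else ""
        print(row["opcode_id"], ",".join(row["apis"]), row["dynamic_imports"], row["strings"], flag)
```

Feed it the whole function listing of a report and the rows with a non-empty dynamic_imports column are the ones worth opening first; the run-time resolution of GetSystemWow64DirectoryW together with the "X64" string is the kind of architecture probe that hides from a static import-table review.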
APIs
• GetOpenFileNameW.COMDLG32(?), ref: 006A2C8C
  • Part of subcall function 00663AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00663A97,?,?,00662E7F,?,?,?,00000000), ref: 00663AC2
  • Part of subcall function 00662DA5: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00662DC4
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: Name$Path$FileFullLongOpen
• String ID: X$`er
• API String ID: 779396738-256315308
• Opcode ID: be6a582c270aeddf2de48a4f435645793c90d7f6ec976dae1812ebb87590f9d0
• Instruction ID: 0d8f767d5d79a738d52ed29a2a0a175fc94ca90fdc5fb224800dfa7def3a31fe
• Opcode Fuzzy Hash: be6a582c270aeddf2de48a4f435645793c90d7f6ec976dae1812ebb87590f9d0
• Instruction Fuzzy Hash: FA21D870A002989FCB41EF94D8557EE7BFAAF49314F00806EE405A7341DFB85A498F65
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 00680668
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006832A4: RaiseException.KERNEL32(?,?,?,0068068A,?,00731444,?,?,?,?,?,?,0068068A,00661129,00728738,00661129), ref: 00683304
                                                                                                                                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 00680685
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Exception@8Throw$ExceptionRaise
                                                                                                                                                                                                                                                                                                                                                            • String ID: Unknown exception
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3476068407-410509341
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: af73550351bea2f442e2a2594e947a9deaf8823851b156f9522ad231bcc3530b
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: bf5c0db7779c7ce4b0a7c5215e6475204bb8f9b8e93f62f2ff282530058c287a
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: af73550351bea2f442e2a2594e947a9deaf8823851b156f9522ad231bcc3530b
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C7F0283490020D77CB90B764E856C9D776F5E00310B608A35B92891692EF31DB5ACB85
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00661BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00661BF4
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00661BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00661BFC
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00661BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00661C07
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00661BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00661C12
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00661BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00661C1A
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00661BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00661C22
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00661B4A: RegisterWindowMessageW.USER32(00000004,?,006612C4), ref: 00661BA2
                                                                                                                                                                                                                                                                                                                                                            • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 0066136A
                                                                                                                                                                                                                                                                                                                                                            • OleInitialize.OLE32 ref: 00661388
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,00000000), ref: 006A24AB
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1986988660-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 564a5477f4054a1e6888802aba25ba3cda159fc8a88ad5c6dbb2ab646b81201f
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 988a3c27441e9cd1005d138c7dc98133c176859610c8cb334268e064d5f97f01
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 564a5477f4054a1e6888802aba25ba3cda159fc8a88ad5c6dbb2ab646b81201f
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F071CCB59012448FE384DFB9AD456A53BE2BB893627D4C22ED14AC7362EB384421CF5D
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00663923: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00663A04
                                                                                                                                                                                                                                                                                                                                                            • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 006CC259
                                                                                                                                                                                                                                                                                                                                                            • KillTimer.USER32(?,00000001,?,?), ref: 006CC261
                                                                                                                                                                                                                                                                                                                                                            • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 006CC270
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: IconNotifyShell_Timer$Kill
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3500052701-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: def6ba977597404d6c495f668c1111e58684ab230da607d0a7c13f59d818d862
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 1ab6d72d7c8224d737598691d3e0ef77cef12454f2e94f7c85e806183af88798
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: def6ba977597404d6c495f668c1111e58684ab230da607d0a7c13f59d818d862
• Instruction Fuzzy Hash: 8431C370904344AFEB329F648895BF7BBEEDB06314F04049ED1DE93241C3785A85CB51
APIs
• CloseHandle.KERNEL32(00000000,00000000,?,?,006985CC,?,00728CC8,0000000C), ref: 00698704
• GetLastError.KERNEL32(?,006985CC,?,00728CC8,0000000C), ref: 0069870E
• __dosmaperr.LIBCMT ref: 00698739
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: CloseErrorHandleLast__dosmaperr
• String ID:
• API String ID: 2583163307-0
• Opcode ID: a08ed956922ff16a9008cb54cf0f6536958c982b553d8c65b632106d53d81175
• Instruction ID: 4f866c0aaf4d6e2f6a8cea48ec2cf93c6685910181b0b894dab29ca3afcc04ff
• Opcode Fuzzy Hash: a08ed956922ff16a9008cb54cf0f6536958c982b553d8c65b632106d53d81175
• Instruction Fuzzy Hash: B5016B336046201EDE616374A845BBE274F4B83774F39011DF8058FAD3EEA08C81C294
APIs
• TranslateMessage.USER32(?), ref: 0066DB7B
• DispatchMessageW.USER32(?), ref: 0066DB89
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0066DB9F
• Sleep.KERNEL32(0000000A), ref: 0066DBB1
• TranslateAcceleratorW.USER32(?,?,?), ref: 006B1CC9
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: Message$Translate$AcceleratorDispatchPeekSleep
• String ID:
• API String ID: 3288985973-0
• Opcode ID: df4afd7a336968a0c4613a01c0a94f8502d522cb86a29110e4c36967ccdc3069
• Instruction ID: 2b5566d0f9858027aeb81e99f0df6d0b516d45acec50f027035121db48adc965
• Opcode Fuzzy Hash: df4afd7a336968a0c4613a01c0a94f8502d522cb86a29110e4c36967ccdc3069
• Instruction Fuzzy Hash: 34F08271604345EBE730DBA0CC59FEA73AEEF45320F504919E61AC71D0DB34A488CB19
APIs
• __Init_thread_footer.LIBCMT ref: 006717F6
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: Init_thread_footer
• String ID: CALL
• API String ID: 1385522511-4196123274
• Opcode ID: e0093345e4bba4524b1d4733f7f393b0a452ad9dd837cc628d55fd7f5471a199
• Instruction ID: f0a4a4f451f33681de10e7c8b9f273261dfc909bc5ae94b329cf9b0bfad75a59
• Opcode Fuzzy Hash: e0093345e4bba4524b1d4733f7f393b0a452ad9dd837cc628d55fd7f5471a199
• Instruction Fuzzy Hash: BB22ADB0608301DFD754DF18C480A6ABBF2BF86314F24895EF49A8B362D735E985CB56
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3d75a75f994ee2a7dbc102bac0c7a030e0a7fe93474ffdc3a288746e412150d0
• Instruction ID: ce5f3cddb2c2cb30d2dd93ce7f269efe639aa1b45655bd008219fef47f7f20e3
• Opcode Fuzzy Hash: 3d75a75f994ee2a7dbc102bac0c7a030e0a7fe93474ffdc3a288746e412150d0
• Instruction Fuzzy Hash: DF32D371A00605DFDB20DF54C885BEEB7B3AF05310F148569E91AAB3A2D771ED80CBA5
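As an added example, not part of the Joe Sandbox report and not Joe Sandbox code, a small Python parser for the per-function annotation blocks above. It turns the text into one record per function (a record closes at its Instruction Fuzzy Hash line, the last field of each block), parses each API line into name, module, argument list and call-site address, and rebases the call site against the dump's Offset so the site can be located inside the extracted image. The SAMPLE excerpt is constructed from the two blocks above with the long Opcode/Instruction IDs shortened; the record fields and helper names (`FunctionRecord`, `rva_of`, `message_pump_candidates`) are my own, not report terminology.

```python
import re
from dataclasses import dataclass, field

# Constructed excerpt in the layout of the report's function annotations (IDs shortened).
SAMPLE = """\
• Instruction Fuzzy Hash: 8431C370904344AFEB329F648895BF7BBEEDB06314F04049ED1DE93241C3785A85CB51
APIs
• CloseHandle.KERNEL32(00000000,00000000,?,?,006985CC,?,00728CC8,0000000C), ref: 00698704
• GetLastError.KERNEL32(?,006985CC,?,00728CC8,0000000C), ref: 0069870E
• __dosmaperr.LIBCMT ref: 00698739
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: CloseErrorHandleLast__dosmaperr
• String ID:
• API String ID: 2583163307-0
• Opcode ID: a08ed956922ff16a
• Instruction ID: 4f866c0aaf4d6e2f
• Opcode Fuzzy Hash: a08ed956922ff16a
• Instruction Fuzzy Hash: B5016B336046201EDE616374A845BBE274F4B83774F39011DF8058FAD3EEA08C81C294
APIs
• TranslateMessage.USER32(?), ref: 0066DB7B
• DispatchMessageW.USER32(?), ref: 0066DB89
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0066DB9F
• Sleep.KERNEL32(0000000A), ref: 0066DBB1
• TranslateAcceleratorW.USER32(?,?,?), ref: 006B1CC9
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: Message$Translate$AcceleratorDispatchPeekSleep
• String ID:
• API String ID: 3288985973-0
• Opcode ID: df4afd7a336968a0
• Instruction ID: 2b5566d0f9858027
• Opcode Fuzzy Hash: df4afd7a336968a0
• Instruction Fuzzy Hash: 34F08271604345EBE730DBA0CC59FEA73AEEF45320F504919E61AC71D0DB34A488CB19
"""

SECTIONS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}
# "Name.MODULE(args), ref: ADDR" or, for CRT internals, "Name.MODULE ref: ADDR"
API_RE = re.compile(r"^• (?P<name>\w+)\.(?P<module>\w+)(?:\((?P<args>[^)]*)\))?,? ref: (?P<ref>[0-9A-Fa-f]+)$")
KV_RE = re.compile(r"^• (?P<key>[^:]+):\s?(?P<val>.*)$")

@dataclass
class ApiCall:
    name: str
    module: str
    args: list      # "?" marks an argument the sandbox could not resolve
    ref: int        # virtual address of the call site in the dump

@dataclass
class FunctionRecord:
    apis: list = field(default_factory=list)
    strings: list = field(default_factory=list)
    source_file: str = ""
    image_base: int = 0           # the "Offset:" of the source dump
    snapshot: str = ""
    similarity: dict = field(default_factory=dict)

    def calls(self, name):
        return any(a.name == name for a in self.apis)

    def lowest_ref(self):
        return min((a.ref for a in self.apis), default=None)

def parse_report(text):
    """One FunctionRecord per block; a leading fragment without a Source File is dropped."""
    records, cur, section = [], FunctionRecord(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTIONS:
            section = line
            continue
        if section == "APIs" and (m := API_RE.match(line)):
            args = [a for a in (m["args"] or "").split(",") if a]
            cur.apis.append(ApiCall(m["name"], m["module"], args, int(m["ref"], 16)))
            continue
        if section == "Strings":
            cur.strings.append(line.lstrip("• "))
            continue
        m = KV_RE.match(line)
        if not m:
            continue
        key, val = m["key"], m["val"]
        if key == "Source File":
            cur.source_file = val.split(",")[0]
            base = re.search(r"Offset: ([0-9A-Fa-f]+)", val)
            cur.image_base = int(base.group(1), 16) if base else 0
        elif key == "Snapshot File":
            cur.snapshot = val
        elif section == "Similarity":
            cur.similarity[key] = val
            if key == "Instruction Fuzzy Hash":   # last field of a block: close the record
                if cur.source_file:
                    records.append(cur)
                cur = FunctionRecord()
    return records

def functions_calling(records, api_name):
    return [r for r in records if r.calls(api_name)]

def rva_of(record, api_name):
    """RVA of the first call site of api_name, relative to the dump's image base."""
    for a in record.apis:
        if a.name == api_name:
            return a.ref - record.image_base
    return None

def message_pump_candidates(records):
    """Functions that both poll the message queue and sleep: the shape of a PeekMessage/Sleep loop."""
    return [r for r in records if r.calls("PeekMessageW") and r.calls("Sleep")]

RECORDS = parse_report(SAMPLE)

if __name__ == "__main__":
    for r in RECORDS:
        names = ", ".join(a.name for a in r.apis)
        print(f"{r.lowest_ref():08X} (RVA {r.lowest_ref() - r.image_base:06X}): {names}")
```

Because the page's annotations give call sites as virtual addresses inside a dump taken at 0x660000, the RVA computed by `rva_of` is what you would use to land on the same call in the extracted image loaded at a different base; the `Similarity` fields are kept verbatim as a dict so records can be grouped by API String ID across samples.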
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetComputerNameW.KERNEL32(?,?), ref: 006BD375
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ComputerName
                                                                                                                                                                                                                                                                                                                                                            • String ID: X64
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3545744682-893830106
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 3d1077ca71275e5ce81de9549aa8c949e2a77df69c4c6814170b2bee47fcf3db
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 0ca834903bbcdf775167cce608cba8a2f1fc0abb59728c285033f2ff9d7fecfe
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3d1077ca71275e5ce81de9549aa8c949e2a77df69c4c6814170b2bee47fcf3db
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 97D0C9F580515CEACB94CB50DC88DE9B37EBF04345F509555F106A2000E73496899B10
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • Shell_NotifyIconW.SHELL32(00000000,?), ref: 00663908
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: IconNotifyShell_
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1144537725-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 8a91f74e846d6bef36acde0e97363ec713ebdb6e8c06b3adf8449c239e28f1ef
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: b349472b24ef43c3ddd603d303f32427b64ac8fb285fff2ff8138361fce7fc4b
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8a91f74e846d6bef36acde0e97363ec713ebdb6e8c06b3adf8449c239e28f1ef
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2E31A2706047119FE760DF24D8847D7BBE9FB49719F00092EF59A83340E775AA44CB56
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • timeGetTime.WINMM ref: 0067F661
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0066D730: GetInputState.USER32 ref: 0066D807
                                                                                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000000), ref: 006BF2DE
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: InputSleepStateTimetime
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4149333218-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 8f964d9d2470f2fe8944e2d0aa82d0f6cc6c42ec430c0e35f0a629b572457d23
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 79a20c3f9c36991654883752215d151ce3d01c3a4df4fb9e4e5310529efc407e
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8f964d9d2470f2fe8944e2d0aa82d0f6cc6c42ec430c0e35f0a629b572457d23
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 58F08C312402059FD350EF6AD949BAABBEAEF45760F00402DE85AC7360EB70A840CB95
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00664E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00664EDD,?,00731418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00664E9C
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00664E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00664EAE
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00664E90: FreeLibrary.KERNEL32(00000000,?,?,00664EDD,?,00731418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00664EC0
                                                                                                                                                                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00731418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00664EFD
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00664E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,006A3CDE,?,00731418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00664E62
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00664E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00664E74
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00664E59: FreeLibrary.KERNEL32(00000000,?,?,006A3CDE,?,00731418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00664E87
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: Library$Load$AddressFreeProc
• String ID:
• API String ID: 2632591731-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: __wsopen_s
• String ID:
• API String ID: 3347428461-0
APIs
  • Part of subcall function 00694C7D: RtlAllocateHeap.NTDLL(00000008,00661129,00000000,?,00692E29,00000001,00000364,?,?,?,0068F2DE,00693863,00731444,?,0067FDF5,?), ref: 00694CBE
• _free.LIBCMT ref: 0069506C
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: AllocateHeap_free
• String ID:
• API String ID: 614378929-0
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
APIs
• RtlAllocateHeap.NTDLL(00000008,00661129,00000000,?,00692E29,00000001,00000364,?,?,?,0068F2DE,00693863,00731444,?,0067FDF5,?), ref: 00694CBE
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 5a62b5d7ba8b8ecc11906fded6cd1e26fd9183171fec4c73aa9ea132ffb6a53a
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: e504a185331ac4d4aba292e9bd9ddacc1137cd73a6fd4b9a4d6199595d7add7a
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5a62b5d7ba8b8ecc11906fded6cd1e26fd9183171fec4c73aa9ea132ffb6a53a
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2CF0B431602224EEDF216F629C09F9A378FBF417B1B144216B815A6A80CE30D80386A4
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(00000000,?,00731444,?,0067FDF5,?,?,0066A976,00000010,00731440,006613FC,?,006613C6,?,00661129), ref: 00693852
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: AllocateHeap
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 3558f1a1a8c93931f7e73a6bdf3a7dd81d19b5a948856e231b5348b1314a3293
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 36e144c3b1428f264f8fc5472b7d3db4396cec42280aa4f1ecd022fc7f3779b6
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3558f1a1a8c93931f7e73a6bdf3a7dd81d19b5a948856e231b5348b1314a3293
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 04E0E53110023556EF2136679E04BDA374FAF427B0F050125BC06E2F80CB10DE0193E5
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(?,?,00731418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00664F6D
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: FreeLibrary
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3664257935-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: f64d59702c0bcc4614d1abf386ea98445ccaabd6f0278be90349792b9da2b261
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 6bf0fdb4497685b8881cd3573697a6ee0c03956a346dcea5f71eabc02d9786f1
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f64d59702c0bcc4614d1abf386ea98445ccaabd6f0278be90349792b9da2b261
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 10F03071105751CFDB389F64D490862B7F6AF54329310CA7EE1DA82611CB319844DF10
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • IsWindow.USER32(00000000), ref: 006F2A66
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Window
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2353593579-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: b360c2903275980ff79e2a45b4a2fb44025f2b148b40d752fc397b52938b4a6e
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 7df2f763fe4f311269b6bd7cedb871909578ae8fb5596fd3c9906b06eadca2aa
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b360c2903275980ff79e2a45b4a2fb44025f2b148b40d752fc397b52938b4a6e
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FCE04F3675411BAAC754EA30EC909FA735EEB50395710453EAD16C6200EB309996DAA4
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • Shell_NotifyIconW.SHELL32(00000002,?), ref: 0066314E
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: IconNotifyShell_
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1144537725-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: b2e52e33a6cdef12c34f75923bdf56b5cdc8eaf28642c9c1697a30ef74eab993
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 775242c03bc8484ce393731c006bee8c654c429a374ba3599912cff8cd8cccb7
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b2e52e33a6cdef12c34f75923bdf56b5cdc8eaf28642c9c1697a30ef74eab993
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9EF030709143189FEB629B24DC8A7DA7BFCAB01708F0041E9A68897292DB745B88CF55
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00662DC4
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00666B57: _wcslen.LIBCMT ref: 00666B6A
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: LongNamePath_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 541455249-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: b1dbbe65eb1fca919893b0d3fb75c0b42129c8cc1f878ee03b647356a1970524
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 7cf342cbf9ccf1d4a38bf5faaa442f188d7bfddff642983050ca8127fc22b4db
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b1dbbe65eb1fca919893b0d3fb75c0b42129c8cc1f878ee03b647356a1970524
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E7E0CD766001245BC710A658DC05FEA77DEDFC97A0F044075FD09D7248D960AD80C554
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00663837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00663908
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0066D730: GetInputState.USER32 ref: 0066D807
                                                                                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00662B6B
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006630F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 0066314E
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: IconNotifyShell_$CurrentDirectoryInputState
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3667716007-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 9705bf1bf0bbf08d7dd8079da7677ba7e5369127624d12278d4146a6232ac7e3
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 4041ec982fbdd795b13b1af164698683ce7e998ed5cbf00b6cde7c83f0728c52
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9705bf1bf0bbf08d7dd8079da7677ba7e5369127624d12278d4146a6232ac7e3
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A3E07D3230029407C748BB71A8124BDF74BCFD1351F40183EF442433A3CF244949831A
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,?), ref: 006CDF40
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00666B57: _wcslen.LIBCMT ref: 00666B6A
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: FolderPath_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2987691875-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 7961985cdd38d3c47d98b632ebe2f205af23db14c306d6639c8d63105f43c557
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: dedc378ca5c26f3c76fbafe2b72d928e2dd4eed3a6b7c284e5f24e8b4f483f99
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7961985cdd38d3c47d98b632ebe2f205af23db14c306d6639c8d63105f43c557
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 59D05EA2A002286BDF60E674DD0DDF73AADC740224F0006A0786DD3152E960ED4486B0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • CreateFileW.KERNEL32(00000000,00000000,?,006A0704,?,?,00000000,?,006A0704,00000000,0000000C), ref: 006A03B7
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
APIs
• SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00661CBC
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: InfoParametersSystem
• String ID:
• API String ID: 3098949447-0
APIs
  • Part of subcall function 00679BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00679BB2
• DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 006F961A
• SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 006F965B
• GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 006F969F
• SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 006F96C9
• SendMessageW.USER32 ref: 006F96F2
• GetKeyState.USER32(00000011), ref: 006F978B
• GetKeyState.USER32(00000009), ref: 006F9798
• SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 006F97AE
• GetKeyState.USER32(00000010), ref: 006F97B8
• SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 006F97E9
• SendMessageW.USER32 ref: 006F9810
• SendMessageW.USER32(?,00001030,?,006F7E95), ref: 006F9918
• ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 006F992E
• ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 006F9941
• SetCapture.USER32(?), ref: 006F994A
• ClientToScreen.USER32(?,?), ref: 006F99AF
• ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 006F99BC
• InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 006F99D6
• ReleaseCapture.USER32 ref: 006F99E1
• GetCursorPos.USER32(?), ref: 006F9A19
• ScreenToClient.USER32(?,?), ref: 006F9A26
• SendMessageW.USER32(?,00001012,00000000,?), ref: 006F9A80
• SendMessageW.USER32 ref: 006F9AAE
• SendMessageW.USER32(?,00001111,00000000,?), ref: 006F9AEB
• SendMessageW.USER32 ref: 006F9B1A
• SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 006F9B3B
• SendMessageW.USER32(?,0000110B,00000009,?), ref: 006F9B4A
• GetCursorPos.USER32(?), ref: 006F9B68
• ScreenToClient.USER32(?,?), ref: 006F9B75
• GetParent.USER32(?), ref: 006F9B93
• SendMessageW.USER32(?,00001012,00000000,?), ref: 006F9BFA
• SendMessageW.USER32 ref: 006F9C2B
• ClientToScreen.USER32(?,?), ref: 006F9C84
• TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 006F9CB4
• SendMessageW.USER32(?,00001111,00000000,?), ref: 006F9CDE
• SendMessageW.USER32 ref: 006F9D01
• ClientToScreen.USER32(?,?), ref: 006F9D4E
• TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 006F9D82
  • Part of subcall function 00679944: GetWindowLongW.USER32(?,000000EB), ref: 00679952
• GetWindowLongW.USER32(?,000000F0), ref: 006F9E05
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
• String ID: @GUI_DRAGID$F$p#s
• API String ID: 3429851547-570795275
• Opcode ID: 4ed05fee0ebd9c1b84ac66b27647f9e5969f1de337140dc22baf9a7cee354424
• Instruction ID: 976f2759fcc1178c42cfbcc812a3bef1d014b826d1c505e3b0af111615bab408
• Opcode Fuzzy Hash: 4ed05fee0ebd9c1b84ac66b27647f9e5969f1de337140dc22baf9a7cee354424
• Instruction Fuzzy Hash: 42428B30208248AFE724DF28CD44BBABBE6FF49720F144619F699C72A1D731A855CF65
APIs
• SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 006F48F3
• SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 006F4908
• SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 006F4927
• SendMessageW.USER32(?,00000148,00000000,00000000), ref: 006F494B
• SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 006F495C
• SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 006F497B
• SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 006F49AE
• SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 006F49D4
• SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 006F4A0F
• SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 006F4A56
• SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 006F4A7E
• IsMenu.USER32(?), ref: 006F4A97
• GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 006F4AF2
• GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 006F4B20
• GetWindowLongW.USER32(?,000000F0), ref: 006F4B94
• SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 006F4BE3
• SendMessageW.USER32(00000000,00001001,00000000,?), ref: 006F4C82
• wsprintfW.USER32 ref: 006F4CAE
• SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 006F4CC9
• GetWindowTextW.USER32(?,00000000,00000001), ref: 006F4CF1
• SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 006F4D13
• SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 006F4D33
• GetWindowTextW.USER32(?,00000000,00000001), ref: 006F4D5A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
• String ID: %d/%02d/%02d
• API String ID: 4054740463-328681919
• Opcode ID: f39ba916f8fcfecf147812030bc62a67a64d561be33237a6a9fdd4a7b13ed4d8
• Instruction ID: 68b6de7a54d7e09c3795565d2566f38c69223747fe709044ab607c5eda444817
• Opcode Fuzzy Hash: f39ba916f8fcfecf147812030bc62a67a64d561be33237a6a9fdd4a7b13ed4d8
• Instruction Fuzzy Hash: 2312DF71604218ABEB248F28CC49FBF7BFAAF85310F104119FA1ADA6A5DB749941CB50
APIs
• GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 0067F998
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 006BF474
• IsIconic.USER32(00000000), ref: 006BF47D
• ShowWindow.USER32(00000000,00000009), ref: 006BF48A
• SetForegroundWindow.USER32(00000000), ref: 006BF494
• GetWindowThreadProcessId.USER32(00000000,00000000), ref: 006BF4AA
• GetCurrentThreadId.KERNEL32 ref: 006BF4B1
• GetWindowThreadProcessId.USER32(00000000,00000000), ref: 006BF4BD
• AttachThreadInput.USER32(?,00000000,00000001), ref: 006BF4CE
• AttachThreadInput.USER32(?,00000000,00000001), ref: 006BF4D6
• AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 006BF4DE
• SetForegroundWindow.USER32(00000000), ref: 006BF4E1
• MapVirtualKeyW.USER32(00000012,00000000), ref: 006BF4F6
• keybd_event.USER32(00000012,00000000), ref: 006BF501
• MapVirtualKeyW.USER32(00000012,00000000), ref: 006BF50B
• keybd_event.USER32(00000012,00000000), ref: 006BF510
• MapVirtualKeyW.USER32(00000012,00000000), ref: 006BF519
• keybd_event.USER32(00000012,00000000), ref: 006BF51E
• MapVirtualKeyW.USER32(00000012,00000000), ref: 006BF528
• keybd_event.USER32(00000012,00000000), ref: 006BF52D
• SetForegroundWindow.USER32(00000000), ref: 006BF530
• AttachThreadInput.USER32(?,000000FF,00000000), ref: 006BF557
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                                                                                                                                                                                                                                                                                                            • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4125248594-2988720461
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: a472127954f07b94e6ef8dd5d420f9df3c1301bd45000d920bfeaa4130e108c1
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: a2254b9c277056553e7a476b0708ccfceda9340379439b35be540433de3bfa92
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a472127954f07b94e6ef8dd5d420f9df3c1301bd45000d920bfeaa4130e108c1
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E43141B2A4021CBBEB206BB55D4AFFF7E6EEB44B60F101065FA01E61D1C6B15D50EB60
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006C16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 006C170D
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006C16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 006C173A
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006C16C3: GetLastError.KERNEL32 ref: 006C174A
                                                                                                                                                                                                                                                                                                                                                            • LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 006C1286
                                                                                                                                                                                                                                                                                                                                                            • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 006C12A8
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 006C12B9
                                                                                                                                                                                                                                                                                                                                                            • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 006C12D1
                                                                                                                                                                                                                                                                                                                                                            • GetProcessWindowStation.USER32 ref: 006C12EA
                                                                                                                                                                                                                                                                                                                                                            • SetProcessWindowStation.USER32(00000000), ref: 006C12F4
                                                                                                                                                                                                                                                                                                                                                            • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 006C1310
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006C10BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,006C11FC), ref: 006C10D4
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006C10BF: CloseHandle.KERNEL32(?,?,006C11FC), ref: 006C10E9
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
                                                                                                                                                                                                                                                                                                                                                            • String ID: $default$winsta0$Zr
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 22674027-1304496012
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 9fce561be608e77670b3690c26ae8d127fad49367ed94558eb23f3d601cdfc55
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: e974a7e668817f8550234e86b443e9e90eff730ed0f6ecce62902a22206d6819
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9fce561be608e77670b3690c26ae8d127fad49367ed94558eb23f3d601cdfc55
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 67818871900209ABDF259FA4DD49FFE7BBAEF06704F14816DF910AA2A2D7358944CB60
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006C10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 006C1114
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006C10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,006C0B9B,?,?,?), ref: 006C1120
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006C10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,006C0B9B,?,?,?), ref: 006C112F
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006C10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,006C0B9B,?,?,?), ref: 006C1136
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006C10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 006C114D
                                                                                                                                                                                                                                                                                                                                                            • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 006C0BCC
                                                                                                                                                                                                                                                                                                                                                            • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 006C0C00
                                                                                                                                                                                                                                                                                                                                                            • GetLengthSid.ADVAPI32(?), ref: 006C0C17
                                                                                                                                                                                                                                                                                                                                                            • GetAce.ADVAPI32(?,00000000,?), ref: 006C0C51
                                                                                                                                                                                                                                                                                                                                                            • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 006C0C6D
                                                                                                                                                                                                                                                                                                                                                            • GetLengthSid.ADVAPI32(?), ref: 006C0C84
                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000008), ref: 006C0C8C
                                                                                                                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 006C0C93
                                                                                                                                                                                                                                                                                                                                                            • GetLengthSid.ADVAPI32(?,00000008,?), ref: 006C0CB4
                                                                                                                                                                                                                                                                                                                                                            • CopySid.ADVAPI32(00000000), ref: 006C0CBB
                                                                                                                                                                                                                                                                                                                                                            • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 006C0CEA
                                                                                                                                                                                                                                                                                                                                                            • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 006C0D0C
                                                                                                                                                                                                                                                                                                                                                            • SetUserObjectSecurity.USER32(?,00000004,?), ref: 006C0D1E
                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 006C0D45
                                                                                                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 006C0D4C
                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 006C0D55
                                                                                                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 006C0D5C
                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 006C0D65
                                                                                                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 006C0D6C
                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 006C0D78
                                                                                                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 006C0D7F
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006C1193: GetProcessHeap.KERNEL32(00000008,006C0BB1,?,00000000,?,006C0BB1,?), ref: 006C11A1
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006C1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,006C0BB1,?), ref: 006C11A8
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006C1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,006C0BB1,?), ref: 006C11B7
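Read together, the two API listings above are the shape of the classic Win32 recipe for launching an interactive process as another user (the one Microsoft documents under "Starting an Interactive Client Process"): LogonUserW and DuplicateTokenEx obtain a primary token, OpenWindowStationW("winsta0") / SetProcessWindowStation / OpenDesktopW("default") select the interactive station and desktop, and the GetUserObjectSecurity → GetSecurityDescriptorDacl → AddAce → SetSecurityDescriptorDacl → SetUserObjectSecurity sequence grants the new token's SID access to those objects by rewriting their DACLs, with AdjustTokenPrivileges around the edges. That matches the report's "execute programs as a different user" signature. As an added triage example (this is the editor's code, not part of the Joe Sandbox report), the Python below parses such "APIs" listings into call records, checks them for those two ordered chains, and pulls out the literal string arguments the decompiler recovered. The chain labels are the editor's own names, and the sample listings are excerpts copied from the lines above, not output of a new run.

```python
"""Triage helper for Joe Sandbox "APIs" listings (added example, not report code)."""
import re
from dataclasses import dataclass

# One bullet: [Part of subcall function X:] Name.MODULE[(args)], ref: ADDR
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
HEX_WORD = re.compile(r"^[0-9A-Fa-f]{8}$")  # 8-digit hex = numeric/address arg


@dataclass
class ApiCall:
    name: str
    module: str
    args: list
    ref: str
    subcall_of: str = ""  # caller address when listed as "Part of subcall function"


def parse_api_listing(text: str) -> list:
    """Return ApiCall records in listing order; lines that are not API bullets are skipped."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue
        raw = m.group("args") or ""
        args = [a.strip() for a in raw.split(",")] if raw else []
        calls.append(ApiCall(m.group("name"), m.group("module"), args,
                             m.group("ref").upper(), m.group("sub") or ""))
    return calls


# Ordered API subsequences that together implement one intent. Labels are the
# editor's own, not Joe Sandbox signature names.
CHAINS = {
    "logon-user-and-switch-desktop": (
        "LogonUserW", "DuplicateTokenEx", "OpenWindowStationW",
        "SetProcessWindowStation", "OpenDesktopW",
    ),
    "rewrite-window-object-dacl": (
        "GetUserObjectSecurity", "GetSecurityDescriptorDacl", "AddAce",
        "SetSecurityDescriptorDacl", "SetUserObjectSecurity",
    ),
}


def has_chain(calls, chain) -> bool:
    """True if every API in `chain` occurs in `calls` in that relative order (gaps allowed)."""
    want = iter(chain)
    nxt = next(want)
    for c in calls:
        if c.name == nxt:
            nxt = next(want, None)
            if nxt is None:
                return True
    return False


def detect_chains(calls) -> list:
    return [label for label, chain in CHAINS.items() if has_chain(calls, chain)]


def literal_args(calls) -> set:
    """Recovered string arguments, dropping unknown ('?') and 8-digit hex values."""
    return {a for c in calls for a in c.args if a and a != "?" and not HEX_WORD.match(a)}


# Excerpts copied from the report's API listings for the two functions above.
SAMPLE_RUNAS = """\
  • Part of subcall function 006C16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 006C170D
  • Part of subcall function 006C16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 006C173A
  • Part of subcall function 006C16C3: GetLastError.KERNEL32 ref: 006C174A
• LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 006C1286
• DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 006C12A8
• CloseHandle.KERNEL32(?), ref: 006C12B9
• OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 006C12D1
• GetProcessWindowStation.USER32 ref: 006C12EA
• SetProcessWindowStation.USER32(00000000), ref: 006C12F4
• OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 006C1310
  • Part of subcall function 006C10BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,006C11FC), ref: 006C10D4
  • Part of subcall function 006C10BF: CloseHandle.KERNEL32(?,?,006C11FC), ref: 006C10E9
"""
SAMPLE_DACL = """\
  • Part of subcall function 006C10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 006C1114
• GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 006C0BCC
• GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 006C0C00
• GetAce.ADVAPI32(?,00000000,?), ref: 006C0C51
• AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 006C0C6D
• CopySid.ADVAPI32(00000000), ref: 006C0CBB
• AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 006C0CEA
• SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 006C0D0C
• SetUserObjectSecurity.USER32(?,00000004,?), ref: 006C0D1E
"""

if __name__ == "__main__":
    for label, sample in (("runas", SAMPLE_RUNAS), ("dacl", SAMPLE_DACL)):
        calls = parse_api_listing(sample)
        print(label, len(calls), "calls", detect_chains(calls), sorted(literal_args(calls)))
```

Subcall lines are kept in the sequence on purpose: Joe Sandbox lists them where the helper is invoked, so a chain split across a helper (as GetUserObjectSecurity is here) still matches. The order check is a subsequence test rather than an exact match, so extra heap and handle housekeeping between the interesting calls does not hide the pattern.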
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4175595110-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: c47f94fe51f13fa34a8be9bce5c61ef5dafe42b3f31b867101b764084e9420ae
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 559b921c44de0c30dbb16f9f05754a23add4f6a48a01ded66c7057af8ed14553
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c47f94fe51f13fa34a8be9bce5c61ef5dafe42b3f31b867101b764084e9420ae
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F9714A7190020AEBEF10DFA4DD44FFEBBBAEF09710F044619E915A7291D771A905CB60
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • OpenClipboard.USER32(006FCC08), ref: 006DEB29
                                                                                                                                                                                                                                                                                                                                                            • IsClipboardFormatAvailable.USER32(0000000D), ref: 006DEB37
                                                                                                                                                                                                                                                                                                                                                            • GetClipboardData.USER32(0000000D), ref: 006DEB43
                                                                                                                                                                                                                                                                                                                                                            • CloseClipboard.USER32 ref: 006DEB4F
                                                                                                                                                                                                                                                                                                                                                            • GlobalLock.KERNEL32(00000000), ref: 006DEB87
                                                                                                                                                                                                                                                                                                                                                            • CloseClipboard.USER32 ref: 006DEB91
                                                                                                                                                                                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 006DEBBC
                                                                                                                                                                                                                                                                                                                                                            • IsClipboardFormatAvailable.USER32(00000001), ref: 006DEBC9
                                                                                                                                                                                                                                                                                                                                                            • GetClipboardData.USER32(00000001), ref: 006DEBD1
                                                                                                                                                                                                                                                                                                                                                            • GlobalLock.KERNEL32(00000000), ref: 006DEBE2
                                                                                                                                                                                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 006DEC22
                                                                                                                                                                                                                                                                                                                                                            • IsClipboardFormatAvailable.USER32(0000000F), ref: 006DEC38
                                                                                                                                                                                                                                                                                                                                                            • GetClipboardData.USER32(0000000F), ref: 006DEC44
                                                                                                                                                                                                                                                                                                                                                            • GlobalLock.KERNEL32(00000000), ref: 006DEC55
                                                                                                                                                                                                                                                                                                                                                            • DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 006DEC77
                                                                                                                                                                                                                                                                                                                                                            • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 006DEC94
                                                                                                                                                                                                                                                                                                                                                            • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 006DECD2
                                                                                                                                                                                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 006DECF3
                                                                                                                                                                                                                                                                                                                                                            • CountClipboardFormats.USER32 ref: 006DED14
                                                                                                                                                                                                                                                                                                                                                            • CloseClipboard.USER32 ref: 006DED59
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 420908878-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: da1f5d0b9d0a141c014a0723d43e1070f99d8e22df354c86231c7ddf2a41ccc8
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 34ace6cbdcaed9d5e4b07a47efbdc293a3e2fb77be02185fed55effccbb78cc1
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: da1f5d0b9d0a141c014a0723d43e1070f99d8e22df354c86231c7ddf2a41ccc8
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9061AD34604205AFD300EF24D984F7A77ABEF84714F14551EF4569B3A2DB32E90ACBA2
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 006D69BE
                                                                                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 006D6A12
                                                                                                                                                                                                                                                                                                                                                            • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 006D6A4E
                                                                                                                                                                                                                                                                                                                                                            • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 006D6A75
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00669CB3: _wcslen.LIBCMT ref: 00669CBD
                                                                                                                                                                                                                                                                                                                                                            • FileTimeToSystemTime.KERNEL32(?,?), ref: 006D6AB2
                                                                                                                                                                                                                                                                                                                                                            • FileTimeToSystemTime.KERNEL32(?,?), ref: 006D6ADF
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
• String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
• API String ID: 3830820486-3289030164
• Opcode ID: a527336bf73db5ea9a82ab2897313c1a61e5e15a1161596e7adf113f9ea56ea4
• Instruction ID: 238a255a3585f8267d8c8080678405cb8954a75965a9bf87c3d27689ee15f2e9
• Opcode Fuzzy Hash: a527336bf73db5ea9a82ab2897313c1a61e5e15a1161596e7adf113f9ea56ea4
• Instruction Fuzzy Hash: 32D161B1508340AFC354EBA4D981EABB7EDAF88704F04491EF585C7291EB75DA44CB62
APIs
• FindFirstFileW.KERNEL32(?,?,75918FB0,?,00000000), ref: 006D9663
• GetFileAttributesW.KERNEL32(?), ref: 006D96A1
• SetFileAttributesW.KERNEL32(?,?), ref: 006D96BB
• FindNextFileW.KERNEL32(00000000,?), ref: 006D96D3
• FindClose.KERNEL32(00000000), ref: 006D96DE
• FindFirstFileW.KERNEL32(*.*,?), ref: 006D96FA
• SetCurrentDirectoryW.KERNEL32(?), ref: 006D974A
• SetCurrentDirectoryW.KERNEL32(00726B7C), ref: 006D9768
• FindNextFileW.KERNEL32(00000000,00000010), ref: 006D9772
• FindClose.KERNEL32(00000000), ref: 006D977F
• FindClose.KERNEL32(00000000), ref: 006D978F
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
• String ID: *.*
• API String ID: 1409584000-438819550
• Opcode ID: b18e938ec740818c3799e24fc99986bdbdc50d64dc1b976bd7dceb617a112845
• Instruction ID: 14c0c853ea115cfa8f444b73321cbb42d46c3bcdaad62403daaf396361856b2d
• Opcode Fuzzy Hash: b18e938ec740818c3799e24fc99986bdbdc50d64dc1b976bd7dceb617a112845
• Instruction Fuzzy Hash: 8E31C07294021D6EDF14AFB4ED18AEE77AEEF09320F104156F805E22A0DB34DA44CB64
APIs
• FindFirstFileW.KERNEL32(?,?,75918FB0,?,00000000), ref: 006D97BE
• FindNextFileW.KERNEL32(00000000,?), ref: 006D9819
• FindClose.KERNEL32(00000000), ref: 006D9824
• FindFirstFileW.KERNEL32(*.*,?), ref: 006D9840
• SetCurrentDirectoryW.KERNEL32(?), ref: 006D9890
• SetCurrentDirectoryW.KERNEL32(00726B7C), ref: 006D98AE
• FindNextFileW.KERNEL32(00000000,00000010), ref: 006D98B8
• FindClose.KERNEL32(00000000), ref: 006D98C5
• FindClose.KERNEL32(00000000), ref: 006D98D5
  • Part of subcall function 006CDAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 006CDB00
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
• String ID: *.*
• API String ID: 2640511053-438819550
• Opcode ID: 036d5560018b7b66e2a60e7fdc5c67c0cd35a3aa28a6ee0e93a7f62c1cd1d979
• Instruction ID: 0dc3a58013cf78585a88efedc1e06b7ab84e8b923775f82f5595606452f46e9d
• Opcode Fuzzy Hash: 036d5560018b7b66e2a60e7fdc5c67c0cd35a3aa28a6ee0e93a7f62c1cd1d979
• Instruction Fuzzy Hash: 1331C37294021D6EDF10AFB4EC48AEE77AEEF06720F144557E810A22A0DB30DA45DB64
APIs
  • Part of subcall function 00663AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00663A97,?,?,00662E7F,?,?,?,00000000), ref: 00663AC2
  • Part of subcall function 006CE199: GetFileAttributesW.KERNEL32(?,006CCF95), ref: 006CE19A
• FindFirstFileW.KERNEL32(?,?), ref: 006CD122
• DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 006CD1DD
• MoveFileW.KERNEL32(?,?), ref: 006CD1F0
• DeleteFileW.KERNEL32(?,?,?,?), ref: 006CD20D
• FindNextFileW.KERNEL32(00000000,00000010), ref: 006CD237
  • Part of subcall function 006CD29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,006CD21C,?,?), ref: 006CD2B2
• FindClose.KERNEL32(00000000,?,?,?), ref: 006CD253
• FindClose.KERNEL32(00000000), ref: 006CD264
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
                                                                                                                                                                                                                                                                                                                                                            • String ID: \*.*
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1946585618-1173974218
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 886272406969811fb32ad9cee7fb35afd3ca1928b8173b0685029a273fa88e8b
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 4e04c89366276f4b8571b7873e3f1f78d1f8fbe104ce2998ab62445aa791e58e
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 886272406969811fb32ad9cee7fb35afd3ca1928b8173b0685029a273fa88e8b
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C861263180111DAACF45EBA0DA92EFDB7BAEF15300F24416DE40277291EB35AF09DB64
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1737998785-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 4a3f058764883e18d56d3b444cc41c80c4e85f386ddaee0c35c4a0726bab164d
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 701f5b35e24d616708bc862a86ad4949a92dfdb529f17f2c9363d0e1284e15c5
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4a3f058764883e18d56d3b444cc41c80c4e85f386ddaee0c35c4a0726bab164d
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1F418C35604611AFE720EF15D888F69BBE2EF44328F14C09AE4558F762CB76ED42CB90
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006C16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 006C170D
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006C16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 006C173A
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006C16C3: GetLastError.KERNEL32 ref: 006C174A
                                                                                                                                                                                                                                                                                                                                                            • ExitWindowsEx.USER32(?,00000000), ref: 006CE932
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                                                                                                                                                                                                                                                                                                            • String ID: $ $@$SeShutdownPrivilege
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2234035333-3163812486
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: fbbf3bf5ed78c07e6e25fc1f91db2acc71c54023694dfb06c65983f73b024671
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 41d381a3733bb0673c003d50404cb2205ef9499db829543358a52b961adac70a
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fbbf3bf5ed78c07e6e25fc1f91db2acc71c54023694dfb06c65983f73b024671
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AC012672610214ABEB9422B49C8AFFF727EE715751F14052EF802E31D2D9B25C4082A4
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 006E1276
                                                                                                                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32 ref: 006E1283
                                                                                                                                                                                                                                                                                                                                                            • bind.WSOCK32(00000000,?,00000010), ref: 006E12BA
                                                                                                                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32 ref: 006E12C5
                                                                                                                                                                                                                                                                                                                                                            • closesocket.WSOCK32(00000000), ref: 006E12F4
                                                                                                                                                                                                                                                                                                                                                            • listen.WSOCK32(00000000,00000005), ref: 006E1303
                                                                                                                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32 ref: 006E130D
                                                                                                                                                                                                                                                                                                                                                            • closesocket.WSOCK32(00000000), ref: 006E133C
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ErrorLast$closesocket$bindlistensocket
                                                                                                                                                                                                                                                                                                                                                            • String ID:
• API String ID: 540024437-0
• Opcode ID: c009b684fcf188cc97a9a705c0d4885f2eff9bbf03e10e186e5b75aa646b3f46
• Instruction ID: 206d3ba926d327e3d86d66059caa1d4f638873078526cbb795c4a6b6fc8899c4
• Opcode Fuzzy Hash: c009b684fcf188cc97a9a705c0d4885f2eff9bbf03e10e186e5b75aa646b3f46
• Instruction Fuzzy Hash: F341A3316002409FD710DF65C998B69BBE7BF46328F188188D9568F396C771ED82CBE1
APIs
• _free.LIBCMT ref: 0069B9D4
• _free.LIBCMT ref: 0069B9F8
• _free.LIBCMT ref: 0069BB7F
• GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00703700), ref: 0069BB91
• WideCharToMultiByte.KERNEL32(00000000,00000000,0073121C,000000FF,00000000,0000003F,00000000,?,?), ref: 0069BC09
• WideCharToMultiByte.KERNEL32(00000000,00000000,00731270,000000FF,?,0000003F,00000000,?), ref: 0069BC36
• _free.LIBCMT ref: 0069BD4B
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: _free$ByteCharMultiWide$InformationTimeZone
• String ID:
• API String ID: 314583886-0
• Opcode ID: e5f932fc9e1d19e17ccd60d7c2abf4b25617f53bed6e5d2075519aa84fa9a75e
• Instruction ID: e58e77a41175d49f2b256590a67cda3b10f03f166ecb12ce07a5d171b441c2fa
• Opcode Fuzzy Hash: e5f932fc9e1d19e17ccd60d7c2abf4b25617f53bed6e5d2075519aa84fa9a75e
• Instruction Fuzzy Hash: C3C11671A04209AFDF20DF69AE51BEA7BAFEF41310F18619EE494D7791EB308E018754
APIs
• Part of subcall function 00663AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00663A97,?,?,00662E7F,?,?,?,00000000), ref: 00663AC2
• Part of subcall function 006CE199: GetFileAttributesW.KERNEL32(?,006CCF95), ref: 006CE19A
• FindFirstFileW.KERNEL32(?,?), ref: 006CD420
• DeleteFileW.KERNEL32(?,?,?,?), ref: 006CD470
• FindNextFileW.KERNEL32(00000000,00000010), ref: 006CD481
• FindClose.KERNEL32(00000000), ref: 006CD498
• FindClose.KERNEL32(00000000), ref: 006CD4A1
Strings
Memory Dump Source
• Same dump and IDA snapshot file as the first record above
Similarity
• API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
• String ID: \*.*
• API String ID: 2649000838-1173974218
• Opcode ID: 2b94bad9f49d7457b4a331774bda028fac0d05aaf84ac7a2064943a61fd55e12
• Instruction ID: 20d4b157712c50c418dd72b267fff319ad9affe47ca7f87e7c9f0b962591355b
• Opcode Fuzzy Hash: 2b94bad9f49d7457b4a331774bda028fac0d05aaf84ac7a2064943a61fd55e12
• Instruction Fuzzy Hash: 0A319E31008345ABC304EF64D9919BFB7EAEE91310F449A2DF4D593291EB30AA09CB67
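The record above is the shape of a wildcard file delete: GetFullPathNameW and GetFileAttributesW run in callees to normalise and check the path, FindFirstFileW opens an enumeration (the record's only string is `\*.*`, every entry of a directory), DeleteFileW at 006CD470 sits between it and FindNextFileW at 006CD481, so the delete is inside the loop, and the two FindClose calls are the loop exit and the error path. The `?` arguments are values the sandbox could not resolve, so the record does not say which directory is targeted; in an AutoIt-compiled binary this is what the runtime's wildcard FileDelete looks like, not proof of a wiper on its own. The following Python is an added triage helper, not part of the report or of Joe Sandbox: it parses the `APIs` lines in the format printed throughout this page (including the `Part of subcall function` prefix and CRT entries such as `_free.LIBCMT` that carry no argument list) and flags the enumerate-and-delete sequence by address order. The sample input is the record above copied verbatim; `parse_record`, `find_sequence`, `triage` and the `WIPE_LOOP` pattern are this example's own names.

```python
"""Added example: triage helper for the per-function "APIs" records in this
Joe Sandbox report.  Not part of the report; written to show how the
FindFirstFileW / DeleteFileW / FindNextFileW chain is recognised."""
import re

# Constructed input: the API lines of the record above, copied verbatim.
# Lines marked "Part of subcall function" were recorded inside a callee.
SAMPLE_RECORD = """\
• Part of subcall function 00663AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00663A97,?,?,00662E7F,?,?,?,00000000), ref: 00663AC2
• Part of subcall function 006CE199: GetFileAttributesW.KERNEL32(?,006CCF95), ref: 006CE19A
• FindFirstFileW.KERNEL32(?,?), ref: 006CD420
• DeleteFileW.KERNEL32(?,?,?,?), ref: 006CD470
• FindNextFileW.KERNEL32(00000000,00000010), ref: 006CD481
• FindClose.KERNEL32(00000000), ref: 006CD498
• FindClose.KERNEL32(00000000), ref: 006CD4A1
"""

# One report line: optional subcall prefix, API.MODULE, optional (args), ref: ADDR.
# CRT entries such as "_free.LIBCMT ref: 0069B9D4" have neither parens nor comma.
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<callee>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?"
    r",?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)


def parse_record(text):
    """Turn the bullet lines of one record into a list of call dicts."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue  # headers such as "APIs" / "Strings" are not call lines
        args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
        calls.append({
            "api": m["api"],
            "module": m["module"],
            "args": args,                 # "?" = value the sandbox could not resolve
            "ref": int(m["ref"], 16),     # address of the call site
            "in_subcall": m["callee"] is not None,
            "callee": m["callee"],
        })
    return calls


def find_sequence(calls, sequence):
    """True if the APIs in `sequence` occur in that order, by call-site address,
    among the function's own calls (subcall lines are skipped).  Other calls may
    sit in between, so FindFirstFileW ... DeleteFileW ... FindNextFileW still
    matches a delete loop that has extra checks in its body."""
    own = sorted((c for c in calls if not c["in_subcall"]), key=lambda c: c["ref"])
    it = iter(own)
    for wanted in sequence:
        for call in it:
            if call["api"] == wanted:
                break
        else:
            return False
    return True


# Enumerate-then-delete loop; combined with a "\*.*" string it empties a directory.
WIPE_LOOP = ("FindFirstFileW", "DeleteFileW", "FindNextFileW")


def triage(record_text, string_ids=()):
    """Return the findings for one record.  `string_ids` is the record's
    "String ID" field split on '$', the way the report prints it."""
    calls = parse_record(record_text)
    findings = []
    if find_sequence(calls, WIPE_LOOP):
        if any(s.endswith("*.*") for s in string_ids):
            findings.append("directory wipe: enumerate-and-delete loop over \\*.*")
        else:
            findings.append("enumerate-and-delete loop (search pattern unknown)")
    return findings


if __name__ == "__main__":
    for c in parse_record(SAMPLE_RECORD):
        where = "subcall " + c["callee"] if c["in_subcall"] else "own"
        print("%08X  %-8s  %s.%s" % (c["ref"], where, c["api"], c["module"]))
    print(triage(SAMPLE_RECORD, string_ids=["\\*.*"]))
```

Run it over any other `APIs` list on this page by pasting the bullet lines into `parse_record`; the only part specific to this record is the `WIPE_LOOP` pattern, and the same `find_sequence` call works for other ordered chains (for example CoInitialize, CoCreateInstance, CoUninitialize in the COM record further down).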
APIs
Strings
Memory Dump Source
• Same dump and IDA snapshot file as the first record above
Similarity
• API ID: __floor_pentium4
• String ID: 1#IND$1#INF$1#QNAN$1#SNAN
• API String ID: 4168288129-2761157908
• Opcode ID: d2134331e65f6b7a1c41791fa1fed715f550116950f5450a364724981a985cf3
• Instruction ID: 1a4bf757c76e475187142a4ae0091a780d5a9a86fd4832c9b7b9c508d964dc7d
• Opcode Fuzzy Hash: d2134331e65f6b7a1c41791fa1fed715f550116950f5450a364724981a985cf3
• Instruction Fuzzy Hash: 1DC24971E086288FDF65CF289D407EAB7BAEB48314F1541EAD44DE7640E779AE818F40
APIs
• _wcslen.LIBCMT ref: 006D64DC
• CoInitialize.OLE32(00000000), ref: 006D6639
• CoCreateInstance.OLE32(006FFCF8,00000000,00000001,006FFB68,?), ref: 006D6650
• CoUninitialize.OLE32 ref: 006D68D4
Strings
Memory Dump Source
• Same dump as the first record above
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: .lnk
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 886957087-24824748
APIs
• GetForegroundWindow.USER32(?,?,00000000), ref: 006E22E8
  • Part of subcall function 006DE4EC: GetWindowRect.USER32(?,?), ref: 006DE504
• GetDesktopWindow.USER32 ref: 006E2312
• GetWindowRect.USER32(00000000), ref: 006E2319
• mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 006E2355
• GetCursorPos.USER32(?), ref: 006E2381
• mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 006E23DF
Similarity
• API ID: Window$Rectmouse_event$CursorDesktopForeground
• String ID:
• API String ID: 2387181109-0
APIs
  • Part of subcall function 00669CB3: _wcslen.LIBCMT ref: 00669CBD
• FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 006D9B78
• FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 006D9C8B
  • Part of subcall function 006D3874: GetInputState.USER32 ref: 006D38CB
  • Part of subcall function 006D3874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 006D3966
• Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 006D9BA8
• FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 006D9C75
Strings
Similarity
• API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
• String ID: *.*
• API String ID: 1972594611-438819550
Strings
Similarity
• API ID:
• String ID: ERCP$InitializeCriticalSectionEx$VUUU$VUUU$VUUU$VUUU
• API String ID: 0-1173862840
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 2df68ad11c3716787259b2909f8c4424ea41bc37dfbc4fca90d3b0dd3c8a39e4
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 52d6e030c64109d45743bc02e71677cb92d72b1843e37d543f5a6db8a93aecee
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2df68ad11c3716787259b2909f8c4424ea41bc37dfbc4fca90d3b0dd3c8a39e4
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6EA25D70A0061ACFDF24DF68C9507EDB7B2BB55314F2482AAE816A7385DB709D81CF90
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00679BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00679BB2
                                                                                                                                                                                                                                                                                                                                                            • DefDlgProcW.USER32(?,?,?,?,?), ref: 00679A4E
                                                                                                                                                                                                                                                                                                                                                            • GetSysColor.USER32(0000000F), ref: 00679B23
                                                                                                                                                                                                                                                                                                                                                            • SetBkColor.GDI32(?,00000000), ref: 00679B36
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Color$LongProcWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3131106179-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: ba43cdf3be01f36bf3ff65efd7b5937c484fbee32e2dfd3f259d587866ada94d
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: bed47701d1ea528ad641e808716ca5f7e7758029b004d60b646d7b6a1c164ebd
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ba43cdf3be01f36bf3ff65efd7b5937c484fbee32e2dfd3f259d587866ada94d
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0EA109B0109444AEE728AA3C8C59EFB27DFDB82350F25C11DF506C6795CA259D82D37A
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006E304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 006E307A
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006E304E: _wcslen.LIBCMT ref: 006E309B
                                                                                                                                                                                                                                                                                                                                                            • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 006E185D
                                                                                                                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32 ref: 006E1884
                                                                                                                                                                                                                                                                                                                                                            • bind.WSOCK32(00000000,?,00000010), ref: 006E18DB
                                                                                                                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32 ref: 006E18E6
                                                                                                                                                                                                                                                                                                                                                            • closesocket.WSOCK32(00000000), ref: 006E1915
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1601658205-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 584f4f0260dbd40e01786c59b99448ae0cfd0fa049c8d6c9d41bb38d1879fa7c
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 0b1bd84e5e80960e23a3fcd773d8be968f47888a12692d97aad848d72c2f2418
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 584f4f0260dbd40e01786c59b99448ae0cfd0fa049c8d6c9d41bb38d1879fa7c
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EE51A371A002109FE710AF24C896F6A77E6AB45718F18809CF95A9F3D3C771AD41CBA5
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 292994002-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 1d5b9d371bbcc78ed3d58b221e9ba2c4e5dff6448141b4f6b6a50b028815f63d
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 0d6abd271febc11ff88c851f4d336da7edabb0951a052a8fad4ed76887585b3f
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1d5b9d371bbcc78ed3d58b221e9ba2c4e5dff6448141b4f6b6a50b028815f63d
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8821B1317402099FD7208F1AC854B7A7BA7AF86364B18805CE946CF351C775EC42CB94
                                                                                                                                                                                                                                                                                                                                                            APIs
• lstrlenW.KERNEL32(?,?,?,00000000), ref: 006C82AA
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: lstrlen
• String ID: ($tbr$|
• API String ID: 1659193697-2672883373
• Opcode ID: 1515d8f85cb901f1f3cac3f65e0a47d6f44bd98938736247faa312c758c1fe75
• Instruction ID: 28a24e6a0670a4102f42e0be5a4a006485994fe5e877d70c6f89c7751f75bca0
• Opcode Fuzzy Hash: 1515d8f85cb901f1f3cac3f65e0a47d6f44bd98938736247faa312c758c1fe75
• Instruction Fuzzy Hash: 88323474A006059FCB28CF59C481EAAB7F1FF48710B15C56EE49ADB7A1EB70E941CB44
APIs
• GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 006CAAAC
• SetKeyboardState.USER32(00000080), ref: 006CAAC8
• PostMessageW.USER32(?,00000102,00000001,00000001), ref: 006CAB36
• SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 006CAB88
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: KeyboardState$InputMessagePostSend
• String ID:
• API String ID: 432972143-0
• Opcode ID: cfeb215c317ef6de52e373875754ee9a39b3c7a7c5496faf0340609b694d6b7b
• Instruction ID: 007b2db71a03faacc819e1a4337caf12ff65c6f2335fc88e1699b7ad01796d7b
• Opcode Fuzzy Hash: cfeb215c317ef6de52e373875754ee9a39b3c7a7c5496faf0340609b694d6b7b
• Instruction Fuzzy Hash: BB31F370A4024CAFEB258AA4CC09FFA7BA7EB44324F04421EF181962D1D7758D81C766
APIs
• InternetReadFile.WININET(?,?,00000400,?), ref: 006DCE89
• GetLastError.KERNEL32(?,00000000), ref: 006DCEEA
• SetEvent.KERNEL32(?,?,00000000), ref: 006DCEFE
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: ErrorEventFileInternetLastRead
• String ID:
• API String ID: 234945975-0
• Opcode ID: 6943f802daa9c0b406f00c4b6adcf8dd7f09552c09d176ae59ab3be0cea5b2ac
• Instruction ID: f1af27b7a86d70ece0c0663cb373425130a85d07cf0bf4e63ae76d2edd315f72
• Opcode Fuzzy Hash: 6943f802daa9c0b406f00c4b6adcf8dd7f09552c09d176ae59ab3be0cea5b2ac
• Instruction Fuzzy Hash: A221BDB190030A9BDB20DFA5C949BA777FEEF40364F10441EE546D2251E770EE05DB64
APIs
• IsDebuggerPresent.KERNEL32 ref: 0069271A
• SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00692724
• UnhandledExceptionFilter.KERNEL32(?), ref: 00692731
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: ExceptionFilterUnhandled$DebuggerPresent
• String ID:
• API String ID: 3906539128-0
• Opcode ID: 1d7515fc7d84ff1413db551d8a0ab57bb69f71377449b9f24198114b22d6be66
• Instruction ID: 768e6e1a015028fb391ee9f68d537ba00fd6b3776cc4a1aa1ed3c43978d243b7
• Opcode Fuzzy Hash: 1d7515fc7d84ff1413db551d8a0ab57bb69f71377449b9f24198114b22d6be66
• Instruction Fuzzy Hash: CC31D47590121DABCB61DF68DD887DCBBB9AF08310F5042EAE81CA7261E7309F858F44
APIs
• SetErrorMode.KERNEL32(00000001), ref: 006D51DA
• GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 006D5238
• SetErrorMode.KERNEL32(00000000), ref: 006D52A1
Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ErrorMode$DiskFreeSpace
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1682464887-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 3ba486d2555cbb632decf979827266a11ddaf503015bff1ab2f126b306c5ec19
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: e726d0ae8c963e02170eab9c86accd33252b000b356c235f513044fa1e137907
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3ba486d2555cbb632decf979827266a11ddaf503015bff1ab2f126b306c5ec19
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3B314175A00518DFDB00DF54D884EADBBB5FF49314F048099E8459B352DB31E95ACB91
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0067FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00680668
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0067FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00680685
                                                                                                                                                                                                                                                                                                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 006C170D
                                                                                                                                                                                                                                                                                                                                                            • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 006C173A
                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 006C174A
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 577356006-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 1bbd2d9aa6fd8d91717450bc4b415244b373ae886c2d8dbe4d59fde6351ee164
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 9b053a01fa4881bf7959aef80b6f322a25ce78a1e1e8684d0c896e456f0eba1d
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1bbd2d9aa6fd8d91717450bc4b415244b373ae886c2d8dbe4d59fde6351ee164
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6E1191B2404308FFD7289F54DC86E7AB7BAEF45764B20856EE05657241EB70BC42CB24
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 006CD608
                                                                                                                                                                                                                                                                                                                                                            • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 006CD645
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 006CD650
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CloseControlCreateDeviceFileHandle
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 33631002-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: c4ad24fb339482461e9b5977f4e12bbaa893a037a2d21c49223069e83058bfe6
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: da241d153c957ae5ba7c533d37f9c7d10fdcaa057ca63f79e8887ac0f5d1d63a
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c4ad24fb339482461e9b5977f4e12bbaa893a037a2d21c49223069e83058bfe6
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 83115E75E05228BFDB108F99DD45FAFBBBDEB45B60F108126F904E7290D6704A05CBA1
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 006C168C
                                                                                                                                                                                                                                                                                                                                                            • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 006C16A1
                                                                                                                                                                                                                                                                                                                                                            • FreeSid.ADVAPI32(?), ref: 006C16B1
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: AllocateCheckFreeInitializeMembershipToken
• String ID:
• API String ID: 3429775523-0
• Opcode ID: 57f784b50343ffbb50b14927fa8d5dc51b6154bead13a3d1b8ab43487c475640
• Instruction ID: 56049c8147a2912f344dd00db6aa0aec0eaaf373644b3074bcd868cf08d0e16f
• Opcode Fuzzy Hash: 57f784b50343ffbb50b14927fa8d5dc51b6154bead13a3d1b8ab43487c475640
• Instruction Fuzzy Hash: 46F0447194030CFBDB00CFE48D89EAEBBBDEB08210F004864E500E2181E731AA449A50
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID:
• String ID: /
• API String ID: 0-2043925204
• Opcode ID: d56c87037d690ced7003c27e6ad3a83870c624e306f0c824512fd1ee670d3c6f
• Instruction ID: 442c6b68468e392cb8ef33a49c33c6b3d9478ce2c8b27e381c449f04f65d590f
• Opcode Fuzzy Hash: d56c87037d690ced7003c27e6ad3a83870c624e306f0c824512fd1ee670d3c6f
• Instruction Fuzzy Hash: CA412572500219ABCF209FB9CC48EEB77BEEB84364F504269F905D7680E6709E418B54
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
• Instruction ID: 1d3b25c4c30b1eae85947abf45b484184dedffd407672fb1f8f29c269d8a98eb
• Opcode Fuzzy Hash: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
• Instruction Fuzzy Hash: F5021C71E001199BDF14DFA9D8846EDBBF2FF48324F25826AD919EB380D731A941CB94
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID:
• String ID: Variable is not of type 'Object'.$p#s
• API String ID: 0-2564790187
• Opcode ID: 5df7b9f5c77974d7049f66bd7740c670ba2aedd117e0d2a3c5c8d9f2dbb9a144
• Instruction ID: b0eb2b7afc05eed62aa3ebcca7900a68a8f0686c316370d157c695d59ae842c7
• Opcode Fuzzy Hash: 5df7b9f5c77974d7049f66bd7740c670ba2aedd117e0d2a3c5c8d9f2dbb9a144
• Instruction Fuzzy Hash: 7D329C70900618DBDF14DF94C891AFEBBB7BF04314F148059E846AB392DB75AE86CB64
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 006D6918
• FindClose.KERNEL32(00000000), ref: 006D6961
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: Find$CloseFileFirst
• String ID:
• API String ID: 2295610775-0
• Opcode ID: 9a0ed65683a9b9af94eda893cd610f2f6c07cd9f7bd13ff7724603a1ff8de0a5
• Instruction ID: 661a78d5f00322dbe151cc68cba1ce0c6c0f1026952c01277cf18e5fdffdae2a
• Opcode Fuzzy Hash: 9a0ed65683a9b9af94eda893cd610f2f6c07cd9f7bd13ff7724603a1ff8de0a5
• Instruction Fuzzy Hash: EB118E316046019FC710DF69D494A26BBE6EF89328F14C69EF4698F3A2CB70EC05CB91
APIs
• GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,006E4891,?,?,00000035,?), ref: 006D37E4
• FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,006E4891,?,?,00000035,?), ref: 006D37F4
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: ErrorFormatLastMessage
• String ID:
• API String ID: 3479602957-0
• Opcode ID: 519bc06749569663e8e20012014a626bb2e7b7033380d143cbdada9a0d0cb7f5
• Instruction ID: c71083d312b018a0dd4e93a15a78d9aa56d64499544ebcc9a0b7be95a3739a5c
• Opcode Fuzzy Hash: 519bc06749569663e8e20012014a626bb2e7b7033380d143cbdada9a0d0cb7f5
• Instruction Fuzzy Hash: 09F0E5B1A053292AE76027668C4DFEB3AAFEFC5771F000166F509E2381D9609D04C6B5
APIs
• SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 006CB25D
• keybd_event.USER32(?,75A8C0D0,?,00000000), ref: 006CB270
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: InputSendkeybd_event
• String ID:
• API String ID: 3536248340-0
• Opcode ID: 7ecb5828565a90c10088c17c836561e255eb93361e7b22d5949fe5871f65ae67
• Instruction ID: 40cbd28bc3647a0f2b9ca8838fd0fe836107847319b6f8f1b32e0bf9ba5f8d78
• Opcode Fuzzy Hash: 7ecb5828565a90c10088c17c836561e255eb93361e7b22d5949fe5871f65ae67
• Instruction Fuzzy Hash: 20F01D7180424DABDB059FA4C806BFE7BB5FF04315F009409F955A5191C3799615DF94
APIs
• AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,006C11FC), ref: 006C10D4
• CloseHandle.KERNEL32(?,?,006C11FC), ref: 006C10E9
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: AdjustCloseHandlePrivilegesToken
• String ID:
• API String ID: 81990902-0
• Opcode ID: 14fb34e44c33a8f6b7bb70530009633f46d86212b3cad2822d84ea1c05a21a55
• Instruction ID: bf399bed2235b8afa44e9de88c3ae40cdf568c2b0508898d2a89878acdeb83ec
• Opcode Fuzzy Hash: 14fb34e44c33a8f6b7bb70530009633f46d86212b3cad2822d84ea1c05a21a55
• Instruction Fuzzy Hash: 78E04F32008600AEE7252B11FC05E7377AAEF05320B10C82DF4A5804B1DB626C90DB54
APIs
• RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00696766,?,?,00000008,?,?,0069FEFE,00000000), ref: 00696998
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: ExceptionRaise
• String ID:
• API String ID: 3997070919-0
• Opcode ID: a7cf0911d459e4888353c1053b9ca3d5758d9b7c89ab650c75d957529b214ff3
• Instruction ID: 0b0067485d078677a99bcb73493c7245fa56e7fdb67abc954dec952e01f7f063
• Opcode Fuzzy Hash: a7cf0911d459e4888353c1053b9ca3d5758d9b7c89ab650c75d957529b214ff3
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 64B15A316107099FDB15CF28C58ABA57BE5FF05364F258658F89ACF6A2C335E982CB40
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID:
• String ID:
• API String ID: 0-3916222277
• Opcode ID: 9c04099408675ab85758d2dc3061cbe2dda935c68a8a319965188734af9bb000
• Instruction ID: d308ed97430d481bc842b2ebbf03be2c3d879fb5cd390352c592ea3b7b2a37a6
• Opcode Fuzzy Hash: 9c04099408675ab85758d2dc3061cbe2dda935c68a8a319965188734af9bb000
• Instruction Fuzzy Hash: 481230B59002299FDB64CF58C8817EEB7F6FF48710F14819AE849EB255DB349E81CB90
APIs
• BlockInput.USER32(00000001), ref: 006DEABD
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: BlockInput
• String ID:
• API String ID: 3456056419-0
• Opcode ID: ed010f15dce5f366fb6296de843a43b8481e6c44c3ac29799bdac694e908c887
• Instruction ID: f13170e84c9a8f2136baac29fffc42d2fcd47e605e327b84f9070e8b29f90d37
• Opcode Fuzzy Hash: ed010f15dce5f366fb6296de843a43b8481e6c44c3ac29799bdac694e908c887
• Instruction Fuzzy Hash: 7CE04F316002099FC710EF5AD804E9AF7EAAF98770F04841BFC4ACB361DBB1E8418B94
APIs
• SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,006803EE), ref: 006809DA
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: ExceptionFilterUnhandled
• String ID:
• API String ID: 3192549508-0
• Opcode ID: 9c195b0c2df08c9c40ff66a22985b34e1dffe551b54e7d2d28241e713db55a78
• Instruction ID: ed38ef6a95cdd628f02335c4cd2b12d259b8895808775b0a97ddc0e1b62d2481
• Opcode Fuzzy Hash: 9c195b0c2df08c9c40ff66a22985b34e1dffe551b54e7d2d28241e713db55a78
• Instruction Fuzzy Hash:
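The records above are Joe Sandbox function blocks: each is a run of "• key: value" bullets under the headings APIs, Strings, Memory Dump Source, Joe Sandbox IDA Plugin and Similarity, closed by its Instruction Fuzzy Hash line (which may be empty, as in the SetUnhandledExceptionFilter block). As an added example that is not part of the report or of Joe Sandbox, the following Python parses that layout into records and flags the API references a triager would look at first. The sample text is copied from the blocks on this page; the list of flagged APIs (BlockInput with fBlockIt set to 1, IsDebuggerPresent, SetUnhandledExceptionFilter) is this example's own heuristic, not a Joe Sandbox rule.

```python
"""Parse Joe Sandbox function blocks (APIs / Strings / Memory Dump Source /
Similarity) from report text and flag API calls commonly used to hinder
analysis.  The sample text is copied from the report; the flagged-API list is
this example's own heuristic (an assumption, not a Joe Sandbox rule)."""
import re
from dataclasses import dataclass, field

SECTION_HEADERS = {"APIs", "Strings", "Memory Dump Source",
                   "Joe Sandbox IDA Plugin", "Similarity"}

# name.MODULE(args), ref: addr   e.g. BlockInput.USER32(00000001), ref: 006DEABD
API_RE = re.compile(r"^(\w+)\.(\w+)\(([^)]*)\),\s*ref:\s*([0-9A-Fa-f]+)$")

# Heuristic (assumption of this example): calls whose presence in a function
# usually signals anti-debugging / anti-analysis behaviour.
ANTI_ANALYSIS = {
    "BlockInput": "blocks mouse and keyboard input",
    "IsDebuggerPresent": "debugger check",
    "SetUnhandledExceptionFilter": "exception-based anti-debug or crash handling",
}


@dataclass
class ApiCall:
    name: str
    module: str
    args: list
    ref: str


@dataclass
class FunctionBlock:
    apis: list = field(default_factory=list)
    source_file: str = ""
    api_id: str = ""
    instruction_fuzzy_hash: str = ""


def parse_blocks(text):
    """Split report text into FunctionBlock records.  A record ends at its
    '• Instruction Fuzzy Hash:' bullet, the last field of every block."""
    blocks, current, section = [], FunctionBlock(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTION_HEADERS:
            section = line
            continue
        if not line.startswith("•"):
            continue
        body = line[1:].strip()
        key, _, value = body.partition(":")
        key, value = key.strip(), value.strip()
        if section == "APIs":
            m = API_RE.match(body)
            if m:
                args = [a.strip() for a in m.group(3).split(",") if a.strip()]
                current.apis.append(ApiCall(m.group(1), m.group(2), args, m.group(4)))
        elif section == "Memory Dump Source" and key == "Source File":
            current.source_file = value.split(",")[0]   # drop ", Offset: ..., based on PE: ..."
        elif key == "API ID":
            current.api_id = value
        elif key == "Instruction Fuzzy Hash":
            current.instruction_fuzzy_hash = value      # may be empty; still closes the record
            blocks.append(current)
            current, section = FunctionBlock(), None
    return blocks


def flag_anti_analysis(blocks):
    """Return (api name, reason, ref address) for each flagged call.
    BlockInput only counts when its fBlockIt argument is TRUE (1)."""
    hits = []
    for b in blocks:
        for call in b.apis:
            reason = ANTI_ANALYSIS.get(call.name)
            if reason is None:
                continue
            if call.name == "BlockInput" and (not call.args or int(call.args[0], 16) != 1):
                continue
            hits.append((call.name, reason, call.ref))
    return hits


# Constructed sample: three blocks copied from the report page.
SAMPLE_REPORT = """\
APIs
• BlockInput.USER32(00000001), ref: 006DEABD
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
Similarity
• API ID: BlockInput
• API String ID: 3456056419-0
• Instruction Fuzzy Hash: 7CE04F316002099FC710EF5AD804E9AF7EAAF98770F04841BFC4ACB361DBB1E8418B94
APIs
• SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,006803EE), ref: 006809DA
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
Similarity
• API ID: ExceptionFilterUnhandled
• Instruction Fuzzy Hash:
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
Similarity
• API ID:
• String ID: 0
• Instruction Fuzzy Hash: 495199A160C6055BDF38B528889D7FE279B9B12340F38072AD986D7382DA11DE42D35A
"""

if __name__ == "__main__":
    for name, reason, ref in flag_anti_analysis(parse_blocks(SAMPLE_REPORT)):
        print(f"{name:<28} ref {ref}  ({reason})")
```

Run the file on a saved report text to list every function that references one of the flagged APIs together with its ref address, which is the address to jump to in the IDA snapshot; extend ANTI_ANALYSIS to match whatever the triage question is.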
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID:
• String ID: 0
• API String ID: 0-4108050209
• Opcode ID: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
• Instruction ID: 80f3ab037543d3c0620c48352130ffa09dc034d6cbefb6a4dbc5fa1728035918
• Opcode Fuzzy Hash: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
• Instruction Fuzzy Hash: 495199A160C6055BDF38B528889D7FE279B9B12340F38072AD986D7382DA11DE42D35A
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID: 0&s
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 0-3522731808
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: ec39bbefbc42790704da8463545af7066556845b396b074f8cae5cc951e3df70
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 11520940bea662c5b2866d5c90151b7292761e73c7435f0075e674154fff762f
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ec39bbefbc42790704da8463545af7066556845b396b074f8cae5cc951e3df70
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AB21DD327215118BD728CF79C82367E73E5A764310F15862EE4A7C37D1DE3AA904C784
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 5a0e8b95e5771799dfb5a07cd701a98de7685bf693f0febbc61a089623f0fbc2
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 489559295b3dec4d8216d1d8e76a449bf599d5f9e97784cca8087ca46797c61f
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5a0e8b95e5771799dfb5a07cd701a98de7685bf693f0febbc61a089623f0fbc2
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 54320222D39F018DDB279634C826335628EAFB73D5F15D727E81AB5EA6EF29C4834104
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 764c20bf2398be85612cf27ecf86fa526a6e073e085e0c18b099073a69a9ef8e
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 01ef1e2208f366fab06cbf131d405d9d005c7661af0eb56e49feca714357aa6e
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 764c20bf2398be85612cf27ecf86fa526a6e073e085e0c18b099073a69a9ef8e
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9232F5B1A001158BDF39CF28C494AFD7BA3EB45330F28866AD4599B391D634DEC2DB50
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 65b306e08f91d2aeff97ac8ecdcd0c1cc7fbb3b22e915f556d316ec5ea09799f
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 4f364e5e251224baf342bd4a386e4479421b25c2bbb3651ad5cef2fa426203b2
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 65b306e08f91d2aeff97ac8ecdcd0c1cc7fbb3b22e915f556d316ec5ea09799f
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0A229E70A04609AFDF14DFA4C881AEEB3F7FF49304F244629E816A7291EB35AD15CB54
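The function entries above are only useful for cross-report correlation once they are pulled out of the report's bullet layout into records keyed on Opcode ID and Instruction Fuzzy Hash. The parser below is an added example written for this page, not Joe Sandbox code and not part of the report; it assumes the entry layout shown here (one entry per "Memory Dump Source" label, "Key: value" bullets, and the "Download File" link text fused onto the "Associated" lines by extraction). The sample input is constructed from two of this page's own entries with their whitespace padding reproduced, and the consistency checks encode only what is visible on the page: Opcode ID equals Opcode Fuzzy Hash in every entry, and the IDs are 64 hex digits.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: two entries copied from this report page in its extracted
# layout (padded bullets, "Download File" residue on the "Associated" lines).
SAMPLE = """
        Memory Dump Source
        • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
        • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
        • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
        Similarity
        • API ID:
        • String ID: 0&s
        • API String ID: 0-3522731808
        • Opcode ID: ec39bbefbc42790704da8463545af7066556845b396b074f8cae5cc951e3df70
        • Instruction ID: 11520940bea662c5b2866d5c90151b7292761e73c7435f0075e674154fff762f
        • Opcode Fuzzy Hash: ec39bbefbc42790704da8463545af7066556845b396b074f8cae5cc951e3df70
        • Instruction Fuzzy Hash: AB21DD327215118BD728CF79C82367E73E5A764310F15862EE4A7C37D1DE3AA904C784
        Memory Dump Source
        • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
        • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 5a0e8b95e5771799dfb5a07cd701a98de7685bf693f0febbc61a089623f0fbc2
        • Instruction ID: 489559295b3dec4d8216d1d8e76a449bf599d5f9e97784cca8087ca46797c61f
        • Opcode Fuzzy Hash: 5a0e8b95e5771799dfb5a07cd701a98de7685bf693f0febbc61a089623f0fbc2
        • Instruction Fuzzy Hash: 54320222D39F018DDB279634C826335628EAFB73D5F15D727E81AB5EA6EF29C4834104
"""

@dataclass
class FunctionEntry:
    source_file: str = ""
    offset: str = ""
    based_on_pe: bool = False
    associated: List[str] = field(default_factory=list)
    snapshot_file: str = ""
    api_id: str = ""
    string_id: str = ""
    api_string_id: str = ""
    opcode_id: str = ""
    instruction_id: str = ""
    opcode_fuzzy_hash: str = ""
    instruction_fuzzy_hash: str = ""

# Report bullet label -> record field (hypothetical field names chosen here).
FIELD_MAP = {
    "Snapshot File": "snapshot_file", "API ID": "api_id", "String ID": "string_id",
    "API String ID": "api_string_id", "Opcode ID": "opcode_id",
    "Instruction ID": "instruction_id", "Opcode Fuzzy Hash": "opcode_fuzzy_hash",
    "Instruction Fuzzy Hash": "instruction_fuzzy_hash",
}
LINK_RESIDUE = "Download File"   # link text the HTML extraction glued onto values

def parse_entries(text: str) -> List[FunctionEntry]:
    """Split the report text into one FunctionEntry per 'Memory Dump Source' block."""
    entries: List[FunctionEntry] = []
    cur: Optional[FunctionEntry] = None
    for raw in text.splitlines():
        line = raw.strip().lstrip("•").strip()
        if not line:
            continue
        if line == "Memory Dump Source":          # start of a new function entry
            cur = FunctionEntry()
            entries.append(cur)
            continue
        if cur is None or ":" not in line:        # section labels, or text before the first entry
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if value.endswith(LINK_RESIDUE):
            value = value[: -len(LINK_RESIDUE)].strip()
        if key == "Source File":                  # "<sdmp>, Offset: <hex>, based on PE: <bool>"
            parts = [p.strip() for p in value.split(",")]
            cur.source_file = parts[0]
            for part in parts[1:]:
                k, _, v = part.partition(":")
                if k.strip() == "Offset":
                    cur.offset = v.strip()
                elif k.strip() == "based on PE":
                    cur.based_on_pe = v.strip().lower() == "true"
        elif key == "Associated":
            cur.associated.append(value)
        elif key in FIELD_MAP:
            setattr(cur, FIELD_MAP[key], value)
    return entries

HEX64 = re.compile(r"[0-9a-f]{64}")

def consistency_issues(entry: FunctionEntry) -> List[str]:
    """Checks to run before using the IDs as correlation keys across reports."""
    issues = []
    if entry.opcode_id != entry.opcode_fuzzy_hash:
        issues.append("Opcode ID differs from Opcode Fuzzy Hash")
    if not HEX64.fullmatch(entry.opcode_id):
        issues.append("Opcode ID is not 64 hex digits")
    if not HEX64.fullmatch(entry.instruction_id):
        issues.append("Instruction ID is not 64 hex digits")
    if not entry.based_on_pe:
        issues.append("dump region is not attributed to a PE image")
    return issues

def index_by_opcode_id(entries: List[FunctionEntry]) -> Dict[str, List[FunctionEntry]]:
    """Group entries by Opcode ID so identical code across reports collapses to one key."""
    index: Dict[str, List[FunctionEntry]] = {}
    for entry in entries:
        index.setdefault(entry.opcode_id, []).append(entry)
    return index
```

Feed the whole "Execution Graph" section of several reports through parse_entries and merge the index_by_opcode_id results to see which functions recur between samples; consistency_issues flags entries whose fields were damaged by extraction before they pollute that index.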
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: f08eb90f61f829a3a371a503a64987d7ae77176bdfe79f2f22cdfe82520481c6
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: e35d0873c5cd5cd5df9fd945a59b0a58b0e7197f9fedd4d4ebb08ac3cd83718e
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f08eb90f61f829a3a371a503a64987d7ae77176bdfe79f2f22cdfe82520481c6
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8C02A6B0A10105EBDB14EF54D981AAEB7B6FF45300F208169E816DB391EB35AE11CF95
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 6f5e7b366cab3ebdd591a3b9aff6d7a08a11a3e88958c8923b435b17468c009f
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: a452aa31eb8929d6da348a950abb6b5a8dbd180516c7894ca1d1a794f425845a
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6f5e7b366cab3ebdd591a3b9aff6d7a08a11a3e88958c8923b435b17468c009f
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7F6180725496819FDB0ACF20C9D2480FFA8FEA3A10308D6DECD458F1AED765D604CB61
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 006E2B30
                                                                                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 006E2B43
                                                                                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32 ref: 006E2B52
                                                                                                                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 006E2B6D
                                                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000), ref: 006E2B74
                                                                                                                                                                                                                                                                                                                                                            • SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 006E2CA3
                                                                                                                                                                                                                                                                                                                                                            • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 006E2CB1
                                                                                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 006E2CF8
                                                                                                                                                                                                                                                                                                                                                            • GetClientRect.USER32(00000000,?), ref: 006E2D04
                                                                                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 006E2D40
                                                                                                                                                                                                                                                                                                                                                            • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 006E2D62
                                                                                                                                                                                                                                                                                                                                                            • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 006E2D75
                                                                                                                                                                                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 006E2D80
                                                                                                                                                                                                                                                                                                                                                            • GlobalLock.KERNEL32(00000000), ref: 006E2D89
                                                                                                                                                                                                                                                                                                                                                            • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 006E2D98
                                                                                                                                                                                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 006E2DA1
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 006E2DA8
                                                                                                                                                                                                                                                                                                                                                            • GlobalFree.KERNEL32(00000000), ref: 006E2DB3
                                                                                                                                                                                                                                                                                                                                                            • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 006E2DC5
                                                                                                                                                                                                                                                                                                                                                            • OleLoadPicture.OLEAUT32(?,00000000,00000000,006FFC38,00000000), ref: 006E2DDB
                                                                                                                                                                                                                                                                                                                                                            • GlobalFree.KERNEL32(00000000), ref: 006E2DEB
                                                                                                                                                                                                                                                                                                                                                            • CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 006E2E11
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 006E2E30
                                                                                                                                                                                                                                                                                                                                                            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 006E2E52
                                                                                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 006E303F
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                                                                                                                                                                                                                                                                                                            • String ID: $AutoIt v3$DISPLAY$static
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2211948467-2373415609
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: d762f7f55d4609477f7b98a22b2a1989e1e9837c157dcd96aad17ca1dcb4547a
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: d3c20db473aa080b5c8d613a7e81fb08a0521846211b3234b1ee9ee201aec02b
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d762f7f55d4609477f7b98a22b2a1989e1e9837c157dcd96aad17ca1dcb4547a
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 44028C71900209EFDB14DF65CD89EAE7BBAFF48725F008158F915AB2A1DB74AD01CB60
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SetTextColor.GDI32(?,00000000), ref: 006F712F
                                                                                                                                                                                                                                                                                                                                                            • GetSysColorBrush.USER32(0000000F), ref: 006F7160
                                                                                                                                                                                                                                                                                                                                                            • GetSysColor.USER32(0000000F), ref: 006F716C
                                                                                                                                                                                                                                                                                                                                                            • SetBkColor.GDI32(?,000000FF), ref: 006F7186
                                                                                                                                                                                                                                                                                                                                                            • SelectObject.GDI32(?,?), ref: 006F7195
                                                                                                                                                                                                                                                                                                                                                            • InflateRect.USER32(?,000000FF,000000FF), ref: 006F71C0
• GetSysColor.USER32(00000010), ref: 006F71C8
• CreateSolidBrush.GDI32(00000000), ref: 006F71CF
• FrameRect.USER32(?,?,00000000), ref: 006F71DE
• DeleteObject.GDI32(00000000), ref: 006F71E5
• InflateRect.USER32(?,000000FE,000000FE), ref: 006F7230
• FillRect.USER32(?,?,?), ref: 006F7262
• GetWindowLongW.USER32(?,000000F0), ref: 006F7284
  • Part of subcall function 006F73E8: GetSysColor.USER32(00000012), ref: 006F7421
  • Part of subcall function 006F73E8: SetTextColor.GDI32(?,?), ref: 006F7425
  • Part of subcall function 006F73E8: GetSysColorBrush.USER32(0000000F), ref: 006F743B
  • Part of subcall function 006F73E8: GetSysColor.USER32(0000000F), ref: 006F7446
  • Part of subcall function 006F73E8: GetSysColor.USER32(00000011), ref: 006F7463
  • Part of subcall function 006F73E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 006F7471
  • Part of subcall function 006F73E8: SelectObject.GDI32(?,00000000), ref: 006F7482
  • Part of subcall function 006F73E8: SetBkColor.GDI32(?,00000000), ref: 006F748B
  • Part of subcall function 006F73E8: SelectObject.GDI32(?,?), ref: 006F7498
  • Part of subcall function 006F73E8: InflateRect.USER32(?,000000FF,000000FF), ref: 006F74B7
  • Part of subcall function 006F73E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 006F74CE
  • Part of subcall function 006F73E8: GetWindowLongW.USER32(00000000,000000F0), ref: 006F74DB
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
• String ID:
• API String ID: 4124339563-0
• Opcode ID: 3c841ac57f8d9d59cc55f19b9830a59c40e64994d8ee4cbc84d395953e31846f
• Instruction ID: d2fdf6a60322e6b038fa62364eae7b03bcf4605200a35a79c43960fda503d83f
• Opcode Fuzzy Hash: 3c841ac57f8d9d59cc55f19b9830a59c40e64994d8ee4cbc84d395953e31846f
• Instruction Fuzzy Hash: ABA19D72008309AFDB00DF64DD48EBB7BAAFB89330F101A19FA62961E1D771E955CB51
APIs
• DestroyWindow.USER32(?,?), ref: 00678E14
• SendMessageW.USER32(?,00001308,?,00000000), ref: 006B6AC5
• ImageList_Remove.COMCTL32(?,000000FF,?), ref: 006B6AFE
• MoveWindow.USER32(?,?,?,?,?,00000000), ref: 006B6F43
  • Part of subcall function 00678F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00678BE8,?,00000000,?,?,?,?,00678BBA,00000000,?), ref: 00678FC5
• SendMessageW.USER32(?,00001053), ref: 006B6F7F
• SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 006B6F96
• ImageList_Destroy.COMCTL32(00000000,?), ref: 006B6FAC
• ImageList_Destroy.COMCTL32(00000000,?), ref: 006B6FB7
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
• String ID: 0
• API String ID: 2760611726-4108050209
• Opcode ID: 5f0ee86181aae7d3a0a254ec8fca5f79cd945d65dfd684ddbbfa14322e269bff
• Instruction ID: 44e04e5590c604376e266820da798615e0bdcdfb783c1527a444181b990b7da8
• Opcode Fuzzy Hash: 5f0ee86181aae7d3a0a254ec8fca5f79cd945d65dfd684ddbbfa14322e269bff
• Instruction Fuzzy Hash: C712AB70604245DFDB25CF24C958BFABBA7FB44310F548469F5898B261CB3AEC92CB51
APIs
• DestroyWindow.USER32(00000000), ref: 006E273E
• SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 006E286A
• SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 006E28A9
• AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 006E28B9
• CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 006E2900
• GetClientRect.USER32(00000000,?), ref: 006E290C
• CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 006E2955
• CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 006E2964
• GetStockObject.GDI32(00000011), ref: 006E2974
• SelectObject.GDI32(00000000,00000000), ref: 006E2978
• GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 006E2988
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 006E2991
• DeleteDC.GDI32(00000000), ref: 006E299A
• CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 006E29C6
• SendMessageW.USER32(00000030,00000000,00000001), ref: 006E29DD
• CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 006E2A1D
• SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 006E2A31
• SendMessageW.USER32(00000404,00000001,00000000), ref: 006E2A42
• CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 006E2A77
• GetStockObject.GDI32(00000011), ref: 006E2A82
• SendMessageW.USER32(00000030,00000000,?,50000000), ref: 006E2A8D
• ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 006E2A97
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                                                                                                                                                                                                                                                                                                            • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2910397461-517079104
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 67dc135ee67e6ea2b788f4e85d619b5af93edb2755647ff7fa94883cc2b411a5
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 8f5aa6b446fa48e6d7bb5c7bde5de0127f5cccee6a65b92b7c1861c9e98f5d30
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 67dc135ee67e6ea2b788f4e85d619b5af93edb2755647ff7fa94883cc2b411a5
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 86B17E71A00209AFEB14DFA9CD45FAF7BAAEB08711F008159F915E7290D774ED40CBA4
APIs
• SetErrorMode.KERNEL32(00000001), ref: 006D4AED
• GetDriveTypeW.KERNEL32(?,006FCB68,?,\\.\,006FCC08), ref: 006D4BCA
• SetErrorMode.KERNEL32(00000000,006FCB68,?,\\.\,006FCC08), ref: 006D4D36
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: ErrorMode$DriveType
• String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
• API String ID: 2907320926-4222207086
• Opcode ID: 98d6ed505ef9a724aa562d60df91f821bc944266cf6c276cc4a836479132f576
• Instruction ID: 19ad130a7e6530079cad3ab029906c2da86a98e28071a035b36a3f49f5825c9f
• Opcode Fuzzy Hash: 98d6ed505ef9a724aa562d60df91f821bc944266cf6c276cc4a836479132f576
• Instruction Fuzzy Hash: EE61AE70B16109DBCB14DF24DA829B877B3AB44304B20842BF806AB791DF3AED42DB55
APIs
• GetSysColor.USER32(00000012), ref: 006F7421
• SetTextColor.GDI32(?,?), ref: 006F7425
• GetSysColorBrush.USER32(0000000F), ref: 006F743B
• GetSysColor.USER32(0000000F), ref: 006F7446
• CreateSolidBrush.GDI32(?), ref: 006F744B
• GetSysColor.USER32(00000011), ref: 006F7463
• CreatePen.GDI32(00000000,00000001,00743C00), ref: 006F7471
• SelectObject.GDI32(?,00000000), ref: 006F7482
• SetBkColor.GDI32(?,00000000), ref: 006F748B
• SelectObject.GDI32(?,?), ref: 006F7498
• InflateRect.USER32(?,000000FF,000000FF), ref: 006F74B7
• RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 006F74CE
• GetWindowLongW.USER32(00000000,000000F0), ref: 006F74DB
• SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 006F752A
• GetWindowTextW.USER32(00000000,00000000,00000001), ref: 006F7554
• InflateRect.USER32(?,000000FD,000000FD), ref: 006F7572
• DrawFocusRect.USER32(?,?), ref: 006F757D
• GetSysColor.USER32(00000011), ref: 006F758E
• SetTextColor.GDI32(?,00000000), ref: 006F7596
• DrawTextW.USER32(?,006F70F5,000000FF,?,00000000), ref: 006F75A8
• SelectObject.GDI32(?,?), ref: 006F75BF
• DeleteObject.GDI32(?), ref: 006F75CA
• SelectObject.GDI32(?,?), ref: 006F75D0
• DeleteObject.GDI32(?), ref: 006F75D5
• SetTextColor.GDI32(?,?), ref: 006F75DB
• SetBkColor.GDI32(?,?), ref: 006F75E5
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1996641542-0
APIs
• GetCursorPos.USER32(?), ref: 006F1128
• GetDesktopWindow.USER32 ref: 006F113D
• GetWindowRect.USER32(00000000), ref: 006F1144
• GetWindowLongW.USER32(?,000000F0), ref: 006F1199
• DestroyWindow.USER32(?), ref: 006F11B9
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 006F11ED
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 006F120B
• SendMessageW.USER32(00000000,00000418,00000000,?), ref: 006F121D
• SendMessageW.USER32(00000000,00000421,?,?), ref: 006F1232
• SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 006F1245
• IsWindowVisible.USER32(00000000), ref: 006F12A1
• SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 006F12BC
• SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 006F12D0
• GetWindowRect.USER32(00000000,?), ref: 006F12E8
• MonitorFromPoint.USER32(?,?,00000002), ref: 006F130E
• GetMonitorInfoW.USER32(00000000,?), ref: 006F1328
• CopyRect.USER32(?,?), ref: 006F133F
• SendMessageW.USER32(00000000,00000412,00000000), ref: 006F13AA
Strings
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
• String ID: ($0$tooltips_class32
• API String ID: 698492251-4156429822
APIs
• CharUpperBuffW.USER32(?,?), ref: 006F02E5
• _wcslen.LIBCMT ref: 006F031F
• _wcslen.LIBCMT ref: 006F0389
• _wcslen.LIBCMT ref: 006F03F1
• _wcslen.LIBCMT ref: 006F0475
• SendMessageW.USER32(?,00001032,00000000,00000000), ref: 006F04C5
• SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 006F0504
  • Part of subcall function 0067F9F2: _wcslen.LIBCMT ref: 0067F9FD
  • Part of subcall function 006C223F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 006C2258
  • Part of subcall function 006C223F: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 006C228A
Strings
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: _wcslen$MessageSend$BuffCharUpper
• String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
• API String ID: 1103490817-719923060
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00678968
                                                                                                                                                                                                                                                                                                                                                            • GetSystemMetrics.USER32(00000007), ref: 00678970
                                                                                                                                                                                                                                                                                                                                                            • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 0067899B
                                                                                                                                                                                                                                                                                                                                                            • GetSystemMetrics.USER32(00000008), ref: 006789A3
                                                                                                                                                                                                                                                                                                                                                            • GetSystemMetrics.USER32(00000004), ref: 006789C8
                                                                                                                                                                                                                                                                                                                                                            • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 006789E5
                                                                                                                                                                                                                                                                                                                                                            • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 006789F5
                                                                                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00678A28
                                                                                                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00678A3C
                                                                                                                                                                                                                                                                                                                                                            • GetClientRect.USER32(00000000,000000FF), ref: 00678A5A
                                                                                                                                                                                                                                                                                                                                                            • GetStockObject.GDI32(00000011), ref: 00678A76
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000030,00000000), ref: 00678A81
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0067912D: GetCursorPos.USER32(?), ref: 00679141
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0067912D: ScreenToClient.USER32(00000000,?), ref: 0067915E
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0067912D: GetAsyncKeyState.USER32(00000001), ref: 00679183
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0067912D: GetAsyncKeyState.USER32(00000002), ref: 0067919D
                                                                                                                                                                                                                                                                                                                                                            • SetTimer.USER32(00000000,00000000,00000028,006790FC), ref: 00678AA8
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                                                                                                                                                                                                                                                                                                            • String ID: AutoIt v3 GUI
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1458621304-248962490
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: bc02a68f7e56a06797ec7598073c4ae65cf4b4b01738fcfa3955ddeccd1c5553
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 8c93ee1536ebd07f5f6a4ca632c6c6710db086ef4fcaaaa65afd16255850ccb0
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bc02a68f7e56a06797ec7598073c4ae65cf4b4b01738fcfa3955ddeccd1c5553
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 01B17C71A402099FDB14DFA8CD49BEE3BB6FB48325F118129FA19A7290DB34E841CF55
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006C10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 006C1114
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006C10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,006C0B9B,?,?,?), ref: 006C1120
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006C10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,006C0B9B,?,?,?), ref: 006C112F
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006C10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,006C0B9B,?,?,?), ref: 006C1136
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006C10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 006C114D
                                                                                                                                                                                                                                                                                                                                                            • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 006C0DF5
                                                                                                                                                                                                                                                                                                                                                            • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 006C0E29
                                                                                                                                                                                                                                                                                                                                                            • GetLengthSid.ADVAPI32(?), ref: 006C0E40
                                                                                                                                                                                                                                                                                                                                                            • GetAce.ADVAPI32(?,00000000,?), ref: 006C0E7A
                                                                                                                                                                                                                                                                                                                                                            • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 006C0E96
                                                                                                                                                                                                                                                                                                                                                            • GetLengthSid.ADVAPI32(?), ref: 006C0EAD
                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000008), ref: 006C0EB5
                                                                                                                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 006C0EBC
                                                                                                                                                                                                                                                                                                                                                            • GetLengthSid.ADVAPI32(?,00000008,?), ref: 006C0EDD
                                                                                                                                                                                                                                                                                                                                                            • CopySid.ADVAPI32(00000000), ref: 006C0EE4
                                                                                                                                                                                                                                                                                                                                                            • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 006C0F13
                                                                                                                                                                                                                                                                                                                                                            • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 006C0F35
                                                                                                                                                                                                                                                                                                                                                            • SetUserObjectSecurity.USER32(?,00000004,?), ref: 006C0F47
                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 006C0F6E
                                                                                                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 006C0F75
                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 006C0F7E
                                                                                                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 006C0F85
                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 006C0F8E
                                                                                                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 006C0F95
                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 006C0FA1
                                                                                                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 006C0FA8
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006C1193: GetProcessHeap.KERNEL32(00000008,006C0BB1,?,00000000,?,006C0BB1,?), ref: 006C11A1
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006C1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,006C0BB1,?), ref: 006C11A8
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006C1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,006C0BB1,?), ref: 006C11B7
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
• String ID:
• API String ID: 4175595110-0
APIs
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 006EC4BD
• RegCreateKeyExW.ADVAPI32(?,?,00000000,006FCC08,00000000,?,00000000,?,?), ref: 006EC544
• RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 006EC5A4
• _wcslen.LIBCMT ref: 006EC5F4
• _wcslen.LIBCMT ref: 006EC66F
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 006EC6B2
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 006EC7C1
• RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 006EC84D
• RegCloseKey.ADVAPI32(?), ref: 006EC881
• RegCloseKey.ADVAPI32(00000000), ref: 006EC88E
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 006EC960
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: Value$Close$_wcslen$ConnectCreateRegistry
• String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
• API String ID: 9721498-966354055
APIs
• CharUpperBuffW.USER32(?,?), ref: 006F09C6
• _wcslen.LIBCMT ref: 006F0A01
• SendMessageW.USER32(?,00001105,00000000,00000000), ref: 006F0A54
• _wcslen.LIBCMT ref: 006F0A8A
• _wcslen.LIBCMT ref: 006F0B06
• _wcslen.LIBCMT ref: 006F0B81
  • Part of subcall function 0067F9F2: _wcslen.LIBCMT ref: 0067F9FD
  • Part of subcall function 006C2BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 006C2BFA
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: _wcslen$MessageSend$BuffCharUpper
• String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
• API String ID: 1103490817-4258414348
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: _wcslen$BuffCharUpper
• String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
• API String ID: 1256254125-909552448
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 4893947def8dfc29066c4416f24ea2cb1ce913dcc0851554be8f20d2c8b1aadf
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: fbd9a34d8e185c26e214d04df074ef2dcc58805666c8266adfcbffac58379b73
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4893947def8dfc29066c4416f24ea2cb1ce913dcc0851554be8f20d2c8b1aadf
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F471F6326013AA8BCB20DE7ED9515FE33A7AB60774B214538F86697384E635CD47C7A0
APIs
• _wcslen.LIBCMT ref: 006F835A
• _wcslen.LIBCMT ref: 006F836E
• _wcslen.LIBCMT ref: 006F8391
• _wcslen.LIBCMT ref: 006F83B4
• LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 006F83F2
• LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,006F5BF2), ref: 006F844E
• LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 006F8487
• LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 006F84CA
• LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 006F8501
• FreeLibrary.KERNEL32(?), ref: 006F850D
• ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 006F851D
• DestroyIcon.USER32(?,?,?,?,?,006F5BF2), ref: 006F852C
• SendMessageW.USER32(?,00000170,00000000,00000000), ref: 006F8549
• SendMessageW.USER32(?,00000064,00000172,00000001), ref: 006F8555
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
• String ID: .dll$.exe$.icl
• API String ID: 799131459-1154884017
• Opcode ID: b3d43897269b1dd69b6bc3b276b7a5ce77fd53924cdba78f16d9acea2c2f09ef
• Instruction ID: 009b165381b1e0cfdecd12b13a6fdf4923e426edfec39e7457a8f754474cc641
• Opcode Fuzzy Hash: b3d43897269b1dd69b6bc3b276b7a5ce77fd53924cdba78f16d9acea2c2f09ef
• Instruction Fuzzy Hash: 7761AE7290021ABEEB14DF64CC45BFE77AABB08721F10464AFA15D71D1DF74AA90C7A0
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID:
• String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
• API String ID: 0-1645009161
• Opcode ID: 0d16bc34c38447c75f707103a04aebdf79d678c68b23eac490daddc820ccfe27
• Instruction ID: 8e6cefca8c987e793700d91689853709e4e0850c758a1ad8a504342669430f60
• Opcode Fuzzy Hash: 0d16bc34c38447c75f707103a04aebdf79d678c68b23eac490daddc820ccfe27
• Instruction Fuzzy Hash: 6A81A471644205BBDB60BF60DC46FBA3BABAF15304F144029F905AB296EB70DD11CBA9
APIs
• LoadIconW.USER32(00000063), ref: 006C5A2E
• SendMessageW.USER32(?,00000080,00000000,00000000), ref: 006C5A40
• SetWindowTextW.USER32(?,?), ref: 006C5A57
• GetDlgItem.USER32(?,000003EA), ref: 006C5A6C
• SetWindowTextW.USER32(00000000,?), ref: 006C5A72
• GetDlgItem.USER32(?,000003E9), ref: 006C5A82
• SetWindowTextW.USER32(00000000,?), ref: 006C5A88
• SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 006C5AA9
• SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 006C5AC3
• GetWindowRect.USER32(?,?), ref: 006C5ACC
• _wcslen.LIBCMT ref: 006C5B33
• SetWindowTextW.USER32(?,?), ref: 006C5B6F
• GetDesktopWindow.USER32 ref: 006C5B75
• GetWindowRect.USER32(00000000), ref: 006C5B7C
• MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 006C5BD3
• GetClientRect.USER32(?,?), ref: 006C5BE0
• PostMessageW.USER32(?,00000005,00000000,?), ref: 006C5C05
• SetTimer.USER32(?,0000040A,00000000,00000000), ref: 006C5C2F
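The API bullets above carry raw hexadecimal arguments, so the interesting values (the window message in a SendMessageW call, the flags to LoadLibraryExW, the image type passed to LoadImageW) have to be decoded by hand when triaging. The following is an added helper, written for this page and not part of Joe Sandbox or of the sample: it parses lines in exactly the "Api.MODULE(args), ref: addr" shape shown here and resolves the constants that appear on this page to their Win32 names (values taken from the public SDK headers). The sample input is a constructed copy of bullets from the two API lists above (the icon-loading function and this dialog-initialisation function). Two points it makes visible: the LoadLibraryExW flags 0x32 include LOAD_LIBRARY_AS_DATAFILE and LOAD_LIBRARY_AS_IMAGE_RESOURCE, which map the file for resource extraction without running its DllMain, so that call is not evidence of code loading on its own; and control 0x3E9 receives both EM_SETPASSWORDCHAR and EM_LIMITTEXT, which is how an edit box is configured as a masked input field. That the dialog is therefore a masked input prompt is this editor's reading of the constants, not a statement made by the report.

```python
import re

# Win32 constants from the public SDK headers; only the ones present on this page.
WINDOW_MESSAGES = {
    0x0005: "WM_SIZE",
    0x0080: "WM_SETICON",
    0x00C5: "EM_LIMITTEXT",
    0x00CC: "EM_SETPASSWORDCHAR",
    0x0170: "STM_SETICON",
    0x0172: "STM_SETIMAGE",
}
LOADLIBRARYEX_FLAGS = {
    0x01: "DONT_RESOLVE_DLL_REFERENCES",
    0x02: "LOAD_LIBRARY_AS_DATAFILE",
    0x08: "LOAD_WITH_ALTERED_SEARCH_PATH",
    0x10: "LOAD_IGNORE_CODE_AUTHZ_LEVEL",
    0x20: "LOAD_LIBRARY_AS_IMAGE_RESOURCE",
    0x40: "LOAD_LIBRARY_AS_DATAFILE_EXCLUSIVE",
}
DATA_ONLY_MASK = 0x02 | 0x20 | 0x40  # file mapped as data/resource: DllMain is never executed
IMAGE_TYPES = {0: "IMAGE_BITMAP", 1: "IMAGE_ICON", 2: "IMAGE_CURSOR"}
LOADIMAGE_FLAGS = {0x10: "LR_LOADFROMFILE", 0x40: "LR_DEFAULTSIZE",
                   0x2000: "LR_CREATEDIBSECTION", 0x8000: "LR_SHARED"}

# Constructed sample: bullets copied from the two API lists on this page.
SAMPLE = """\
LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 006F83F2
LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,006F5BF2), ref: 006F844E
ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 006F851D
SendMessageW.USER32(?,00000170,00000000,00000000), ref: 006F8549
SendMessageW.USER32(?,00000080,00000000,00000000), ref: 006C5A40
SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 006C5AA9
SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 006C5AC3
PostMessageW.USER32(?,00000005,00000000,?), ref: 006C5C05
_wcslen.LIBCMT ref: 006C5B33
"""

# "Api.MODULE(arg,arg,...), ref: ADDR" or, for CRT calls, "Api.MODULE ref: ADDR".
LINE_RE = re.compile(
    r"^(?P<api>\w+)\.(?P<module>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$"
)

def parse_api_line(line):
    """Parse one API bullet. Arguments become ints; '?' (unresolved by IDA) becomes None."""
    m = LINE_RE.match(line.strip().lstrip("• ").strip())
    if not m:
        raise ValueError(f"unrecognised line: {line!r}")
    raw = m.group("args")
    args = [] if not raw else [None if t.strip() == "?" else int(t, 16) for t in raw.split(",")]
    return {"api": m.group("api"), "module": m.group("module"),
            "ref": int(m.group("ref"), 16), "args": args}

def _flags(value, table):
    """Render a bit-flag value as NAME|NAME, keeping any unknown bits as hex."""
    names = [name for bit, name in table.items() if value & bit]
    rest = value & ~sum(table)
    if rest:
        names.append(hex(rest))
    return "|".join(names) or "0"

def annotate(entry):
    """Resolve the numeric arguments of the calls this page contains to symbolic names."""
    api, args = entry["api"], entry["args"]
    arg = lambda i: args[i] if i < len(args) else None
    msg_name = lambda v: WINDOW_MESSAGES.get(v, f"msg {v:#06x}" if v is not None else "msg ?")
    if api.startswith(("SendMessage", "PostMessage")):
        return msg_name(arg(1))
    if api.startswith("SendDlgItemMessage"):
        ctl = arg(1)
        return f"{msg_name(arg(2))} -> control {ctl}" if ctl is not None else msg_name(arg(2))
    if api.startswith("LoadLibraryEx"):
        fl = arg(2) or 0
        mode = "data/resource mapping, DllMain not run" if fl & DATA_ONLY_MASK else "code load"
        return f"{_flags(fl, LOADLIBRARYEX_FLAGS)} ({mode})"
    if api.startswith("LoadImage"):
        return f"{IMAGE_TYPES.get(arg(2), '?')}, {_flags(arg(5) or 0, LOADIMAGE_FLAGS)}"
    return ""

def analyze(text):
    """Parse every non-empty line; returns (ref, api, annotation) tuples in page order."""
    entries = [parse_api_line(l) for l in text.splitlines() if l.strip()]
    return [(e["ref"], e["api"], annotate(e)) for e in entries]

def masked_input_controls(entries):
    """Dialog control IDs that get both EM_SETPASSWORDCHAR and EM_LIMITTEXT,
    i.e. edit boxes configured as masked (password-style) input fields."""
    seen = {}
    for e in entries:
        if e["api"].startswith("SendDlgItemMessage") and len(e["args"]) > 2 and e["args"][1] is not None:
            seen.setdefault(e["args"][1], set()).add(e["args"][2])
    return sorted(ctl for ctl, msgs in seen.items() if {0xCC, 0xC5} <= msgs)

if __name__ == "__main__":
    for ref, api, note in analyze(SAMPLE):
        print(f"{ref:08X} {api:<22} {note}")
    print("masked input controls:", masked_input_controls(
        [parse_api_line(l) for l in SAMPLE.splitlines() if l.strip()]))
```

The parser deliberately keeps unresolved "?" arguments as None instead of guessing, and unknown message numbers are printed as hex rather than dropped (the SendMessageW call with 0x64 in the icon-loading function is one such case), so the output never claims more than the report shows.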
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 895679908-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: f657bfa665cb0778b37d97e1c390755165e453cd6c69f3248b0ce7d895ac2dc3
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: a4de8e3465eeefc83e911615cc9dd15b6e437a97f23bc55847c564f6e58694c9
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f657bfa665cb0778b37d97e1c390755165e453cd6c69f3248b0ce7d895ac2dc3
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AC714931900B09AFDB20DFA9CE95FBEBBF6EB48714F10451CE142A26A0D775B984CB50
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: _wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT$[r
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 176396367-1580549998
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 87e1122eb308672ed6f7bfe6ccbccfcdea48d123e3d6df937b5edb4c823deba3
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 1f33650f3369bbc4fd61f5b8ecc86c0b3707a6cb499e89d5f391efb1dba3dbd3
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 87e1122eb308672ed6f7bfe6ccbccfcdea48d123e3d6df937b5edb4c823deba3
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 26E19231A00536AACB589FA8C451FFDBBA6FF54710F54C22EE456A7340DB30AF458790
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 006800C6
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006800ED: InitializeCriticalSectionAndSpinCount.KERNEL32(0073070C,00000FA0,0B12B44C,?,?,?,?,006A23B3,000000FF), ref: 0068011C
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006800ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,006A23B3,000000FF), ref: 00680127
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006800ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,006A23B3,000000FF), ref: 00680138
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006800ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 0068014E
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006800ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 0068015C
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006800ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 0068016A
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006800ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00680195
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006800ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 006801A0
                                                                                                                                                                                                                                                                                                                                                            • ___scrt_fastfail.LIBCMT ref: 006800E7
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006800A3: __onexit.LIBCMT ref: 006800A9
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00680122
                                                                                                                                                                                                                                                                                                                                                            • SleepConditionVariableCS, xrefs: 00680154
                                                                                                                                                                                                                                                                                                                                                            • InitializeConditionVariable, xrefs: 00680148
                                                                                                                                                                                                                                                                                                                                                            • WakeAllConditionVariable, xrefs: 00680162
                                                                                                                                                                                                                                                                                                                                                            • kernel32.dll, xrefs: 00680133
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                                                                                                                                                                                                                                                                                                                            • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 66158676-1714406822
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 80ae9084047e2819dbaf0ab78e717d73db14e970f3126e14e43acb735908b9a7
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 79bdd7655274992b7b49802b7909ed9dd4d44a24b9c21a067ce00314ef9f83f7
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 80ae9084047e2819dbaf0ab78e717d73db14e970f3126e14e43acb735908b9a7
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 892129326407096BFB607BB4AC0AB7D3397DF45B71F114A39F941A2391DB649C08CB94
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • CharLowerBuffW.USER32(00000000,00000000,006FCC08), ref: 006D4527
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 006D453B
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 006D4599
• _wcslen.LIBCMT ref: 006D45F4
• _wcslen.LIBCMT ref: 006D463F
• _wcslen.LIBCMT ref: 006D46A7
  • Part of subcall function 0067F9F2: _wcslen.LIBCMT ref: 0067F9FD
• GetDriveTypeW.KERNEL32(?,00726BF0,00000061), ref: 006D4743
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: _wcslen$BuffCharDriveLowerType
• String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
• API String ID: 2055661098-1000479233
• Opcode ID: b442dba4d3964d5202eaa417bf0f565e62148cacfca4ae04bdf96091ba052603
• Instruction ID: 1129a3ef3ee5fa424cd6cfdc975cc9e0dcfe8f0ec878e43d8a84fd50ad2f7cca
• Opcode Fuzzy Hash: b442dba4d3964d5202eaa417bf0f565e62148cacfca4ae04bdf96091ba052603
• Instruction Fuzzy Hash: 41B1E171A083429FC710DF28D890ABAB7E6AFA5760F50491EF596C7391DB30DC45CBA2
APIs
  • Part of subcall function 00679BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00679BB2
• DragQueryPoint.SHELL32(?,?), ref: 006F9147
  • Part of subcall function 006F7674: ClientToScreen.USER32(?,?), ref: 006F769A
  • Part of subcall function 006F7674: GetWindowRect.USER32(?,?), ref: 006F7710
  • Part of subcall function 006F7674: PtInRect.USER32(?,?,006F8B89), ref: 006F7720
• SendMessageW.USER32(?,000000B0,?,?), ref: 006F91B0
• DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 006F91BB
• DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 006F91DE
• SendMessageW.USER32(?,000000C2,00000001,?), ref: 006F9225
• SendMessageW.USER32(?,000000B0,?,?), ref: 006F923E
• SendMessageW.USER32(?,000000B1,?,?), ref: 006F9255
• SendMessageW.USER32(?,000000B1,?,?), ref: 006F9277
• DragFinish.SHELL32(?), ref: 006F927E
• DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 006F9371
Strings
Similarity
• API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
• String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID$p#s
• API String ID: 221274066-3108310235
• Opcode ID: 6fc3db1150b3248ac5acd8d3b3a7548fbacb3f0ec29deb5952876d2f851d392d
• Instruction ID: c818e4878b6dffb5735a9046861d35bbda1341e58d8ad30b3324d5d5529737dc
• Opcode Fuzzy Hash: 6fc3db1150b3248ac5acd8d3b3a7548fbacb3f0ec29deb5952876d2f851d392d
• Instruction Fuzzy Hash: 08619C71108305AFD701DF60DD85EAFBBEAEF89760F000A2DF595931A1DB309A49CB66
APIs
• GetMenuItemCount.USER32(00731990), ref: 006A2F8D
• GetMenuItemCount.USER32(00731990), ref: 006A303D
• GetCursorPos.USER32(?), ref: 006A3081
• SetForegroundWindow.USER32(00000000), ref: 006A308A
• TrackPopupMenuEx.USER32(00731990,00000000,?,00000000,00000000,00000000), ref: 006A309D
• PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 006A30A9
Strings
Similarity
• API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
• String ID: 0
• API String ID: 36266755-4108050209
• Opcode ID: 7a00231f07b80f7670100dfcc7cf99661d48b61427ac7b6786537f1549ce2ba3
• Instruction ID: d40fc96c7f71fdb3f132ccb9e849674e00676ce960b6069a3d0ba93e5c285326
• Opcode Fuzzy Hash: 7a00231f07b80f7670100dfcc7cf99661d48b61427ac7b6786537f1549ce2ba3
• Instruction Fuzzy Hash: 32711870684216BEEB219F28CD59FEABF6AFF01324F204206F5156A3E0C7B1AD54DB50
APIs
• DestroyWindow.USER32(00000000,?), ref: 006F6DEB
  • Part of subcall function 00666B57: _wcslen.LIBCMT ref: 00666B6A
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 006F6E5F
• SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 006F6E81
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 006F6E94
• DestroyWindow.USER32(?), ref: 006F6EB5
                                                                                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00660000,00000000), ref: 006F6EE4
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 006F6EFD
                                                                                                                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 006F6F16
                                                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000), ref: 006F6F1D
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 006F6F35
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 006F6F4D
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00679944: GetWindowLongW.USER32(?,000000EB), ref: 00679952
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: 0$tooltips_class32
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2429346358-3619404913
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 44fbba737c831038fb8303e25dba5fc264d3747636a07d9e938e3419fde4a074
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: da20278df64a9c2fb40e1250cf23ed1cf1fb76b3f8c88c55173115d15208cf21
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 44fbba737c831038fb8303e25dba5fc264d3747636a07d9e938e3419fde4a074
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2E715875104248AFEB21CF18D844BBABBEAFB89314F44841DFA9987261C774AD06DB15
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 006DC4B0
                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 006DC4C3
                                                                                                                                                                                                                                                                                                                                                            • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 006DC4D7
                                                                                                                                                                                                                                                                                                                                                            • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 006DC4F0
                                                                                                                                                                                                                                                                                                                                                            • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 006DC533
                                                                                                                                                                                                                                                                                                                                                            • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 006DC549
                                                                                                                                                                                                                                                                                                                                                            • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 006DC554
                                                                                                                                                                                                                                                                                                                                                            • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 006DC584
                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 006DC5DC
                                                                                                                                                                                                                                                                                                                                                            • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 006DC5F0
                                                                                                                                                                                                                                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 006DC5FB
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3800310941-3916222277
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 4ae344b49dc3e332333839c1951de4860bd65cfe8840468bb3c312789df88204
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: a52987b4b07467ee748cf7f1f60319d965ad5b04ca297fd3d5114a41741393bc
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4ae344b49dc3e332333839c1951de4860bd65cfe8840468bb3c312789df88204
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 59514BB190020EBFDB219F65D948ABA7BFEEF48764F00451AF94596310DB30EA54DB60
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00000000,?,000000EC), ref: 006F8592
                                                                                                                                                                                                                                                                                                                                                            • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 006F85A2
                                                                                                                                                                                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 006F85AD
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 006F85BA
                                                                                                                                                                                                                                                                                                                                                            • GlobalLock.KERNEL32(00000000), ref: 006F85C8
                                                                                                                                                                                                                                                                                                                                                            • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 006F85D7
                                                                                                                                                                                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 006F85E0
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 006F85E7
                                                                                                                                                                                                                                                                                                                                                            • CreateStreamOnHGlobal.OLE32(00000000,00000001,000000F0,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 006F85F8
                                                                                                                                                                                                                                                                                                                                                            • OleLoadPicture.OLEAUT32(000000F0,00000000,00000000,006FFC38,?), ref: 006F8611
• GlobalFree.KERNEL32(00000000), ref: 006F8621
• GetObjectW.GDI32(?,00000018,?), ref: 006F8641
• CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 006F8671
• DeleteObject.GDI32(?), ref: 006F8699
• SendMessageW.USER32(?,00000172,00000000,00000000), ref: 006F86AF
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
• String ID:
• API String ID: 3840717409-0
• Opcode ID: c70e595e1a61d5d0aad337b20a5f9909ec608867bf88641872b2749725db9af5
• Instruction ID: b16f1a4acd22d44c768a8bee7fb6df0f459d186692af9b6a080c07d4e3377a1d
• Opcode Fuzzy Hash: c70e595e1a61d5d0aad337b20a5f9909ec608867bf88641872b2749725db9af5
• Instruction Fuzzy Hash: 52410A75600208AFDB11DFA5DD48EBA7BBAFF8A765F104058F905E7260DB309E05DB60
APIs
• VariantInit.OLEAUT32(00000000), ref: 006D1502
• VariantCopy.OLEAUT32(?,?), ref: 006D150B
• VariantClear.OLEAUT32(?), ref: 006D1517
• VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 006D15FB
• VarR8FromDec.OLEAUT32(?,?), ref: 006D1657
• VariantInit.OLEAUT32(?), ref: 006D1708
• SysFreeString.OLEAUT32(?), ref: 006D178C
• VariantClear.OLEAUT32(?), ref: 006D17D8
• VariantClear.OLEAUT32(?), ref: 006D17E7
• VariantInit.OLEAUT32(00000000), ref: 006D1823
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
• String ID: %4d%02d%02d%02d%02d%02d$Default
• API String ID: 1234038744-3931177956
• Opcode ID: ccd5ca82da8eb8ddf9d3b3cb14e788cccf2a9fe12dd73cb289701094c8b61276
• Instruction ID: 7c120c98f05afe1357fc652afa31bfb33e8e9e5e1b5b81d3409642a5875385ca
• Opcode Fuzzy Hash: ccd5ca82da8eb8ddf9d3b3cb14e788cccf2a9fe12dd73cb289701094c8b61276
• Instruction Fuzzy Hash: 44D1CFB1E00115EBDB109F65E885BB9B7B7BF46700F20805BE406AF390DBB8D846DB61
APIs
  • Part of subcall function 00669CB3: _wcslen.LIBCMT ref: 00669CBD
  • Part of subcall function 006EC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,006EB6AE,?,?), ref: 006EC9B5
  • Part of subcall function 006EC998: _wcslen.LIBCMT ref: 006EC9F1
  • Part of subcall function 006EC998: _wcslen.LIBCMT ref: 006ECA68
  • Part of subcall function 006EC998: _wcslen.LIBCMT ref: 006ECA9E
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 006EB6F4
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 006EB772
• RegDeleteValueW.ADVAPI32(?,?), ref: 006EB80A
• RegCloseKey.ADVAPI32(?), ref: 006EB87E
• RegCloseKey.ADVAPI32(?), ref: 006EB89C
• LoadLibraryA.KERNEL32(advapi32.dll), ref: 006EB8F2
• GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 006EB904
• RegDeleteKeyW.ADVAPI32(?,?), ref: 006EB922
• FreeLibrary.KERNEL32(00000000), ref: 006EB983
• RegCloseKey.ADVAPI32(00000000), ref: 006EB994
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
• String ID: RegDeleteKeyExW$advapi32.dll
• API String ID: 146587525-4033151799
• Opcode ID: d75640051a09bb4c860337a3197297e2e7548785740489ea914e13612be2f57c
• Instruction ID: a783b576af87cb72d1ac4cbb157335538fe83614ec6c4c0979d8e5fc83b56bd2
• Opcode Fuzzy Hash: d75640051a09bb4c860337a3197297e2e7548785740489ea914e13612be2f57c
• Instruction Fuzzy Hash: 7AC18A30205341AFD714DF15C494F6ABBE6AF85318F14959CE49A8B3A2CB71EC46CB91
APIs
• GetDC.USER32(00000000), ref: 006E25D8
• CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 006E25E8
• CreateCompatibleDC.GDI32(?), ref: 006E25F4
• SelectObject.GDI32(00000000,?), ref: 006E2601
                                                                                                                                                                                                                                                                                                                                                            • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 006E266D
                                                                                                                                                                                                                                                                                                                                                            • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 006E26AC
                                                                                                                                                                                                                                                                                                                                                            • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 006E26D0
                                                                                                                                                                                                                                                                                                                                                            • SelectObject.GDI32(?,?), ref: 006E26D8
                                                                                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(?), ref: 006E26E1
                                                                                                                                                                                                                                                                                                                                                            • DeleteDC.GDI32(?), ref: 006E26E8
                                                                                                                                                                                                                                                                                                                                                            • ReleaseDC.USER32(00000000,?), ref: 006E26F3
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                                                                                                                                                                                                                                                                                            • String ID: (
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2598888154-3887548279
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: a4aa2cbf9bc485701cf168664e965faf40a88c9fc49b113709e4bf95ffea5bbc
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: f235ba4b56fa8637adc589965c8eec00527bb54c59dd3f2b4edb218ee0b94f23
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a4aa2cbf9bc485701cf168664e965faf40a88c9fc49b113709e4bf95ffea5bbc
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2A610275D00219EFCF04CFA8D984EAEBBBAFF48310F208529E955A7250E771A951CF64
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • ___free_lconv_mon.LIBCMT ref: 0069DAA1
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0069D63C: _free.LIBCMT ref: 0069D659
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0069D63C: _free.LIBCMT ref: 0069D66B
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0069D63C: _free.LIBCMT ref: 0069D67D
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0069D63C: _free.LIBCMT ref: 0069D68F
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0069D63C: _free.LIBCMT ref: 0069D6A1
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0069D63C: _free.LIBCMT ref: 0069D6B3
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0069D63C: _free.LIBCMT ref: 0069D6C5
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0069D63C: _free.LIBCMT ref: 0069D6D7
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0069D63C: _free.LIBCMT ref: 0069D6E9
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0069D63C: _free.LIBCMT ref: 0069D6FB
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0069D63C: _free.LIBCMT ref: 0069D70D
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0069D63C: _free.LIBCMT ref: 0069D71F
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0069D63C: _free.LIBCMT ref: 0069D731
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0069DA96
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006929C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0069D7D1,00000000,00000000,00000000,00000000,?,0069D7F8,00000000,00000007,00000000,?,0069DBF5,00000000), ref: 006929DE
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006929C8: GetLastError.KERNEL32(00000000,?,0069D7D1,00000000,00000000,00000000,00000000,?,0069D7F8,00000000,00000007,00000000,?,0069DBF5,00000000,00000000), ref: 006929F0
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0069DAB8
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0069DACD
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0069DAD8
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0069DAFA
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0069DB0D
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0069DB1B
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0069DB26
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0069DB5E
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0069DB65
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0069DB82
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0069DB9A
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 161543041-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 61bf610d69789c1248776f5c54a02fc866e4b9f4770aac6edcd554552c009b31
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: fc824f8dbb7cbba10691eaff1bf660171cf546c4c0efa61c52f650d1e95edce4
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 61bf610d69789c1248776f5c54a02fc866e4b9f4770aac6edcd554552c009b31
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 09316D71604306AFEF61AA39E845B9AB7EEFF10720F51442DE448D7A91DF31AC50C764
APIs
• GetClassNameW.USER32(?,?,00000100), ref: 006C369C
• _wcslen.LIBCMT ref: 006C36A7
• SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 006C3797
• GetClassNameW.USER32(?,?,00000400), ref: 006C380C
• GetDlgCtrlID.USER32(?), ref: 006C385D
• GetWindowRect.USER32(?,?), ref: 006C3882
• GetParent.USER32(?), ref: 006C38A0
• ScreenToClient.USER32(00000000), ref: 006C38A7
• GetClassNameW.USER32(?,?,00000100), ref: 006C3921
• GetWindowTextW.USER32(?,?,00000400), ref: 006C395D
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
• String ID: %s%u
• API String ID: 4010501982-679674701
• Opcode ID: 527201ab4394ffeb093c34aecfe1d46cc39d0465f8d03ec9b7cd0b6093e53e83
• Instruction ID: bbc655a414635e02c71ce1f73f1924716afbac56c8e11abf4613b0454a92ec01
• Opcode Fuzzy Hash: 527201ab4394ffeb093c34aecfe1d46cc39d0465f8d03ec9b7cd0b6093e53e83
• Instruction Fuzzy Hash: DA91A171204616AFD719DF24C885FFAB7AAFF44350F00861DF999D2290EB30EA45CBA1
APIs
• GetClassNameW.USER32(?,?,00000400), ref: 006C4994
• GetWindowTextW.USER32(?,?,00000400), ref: 006C49DA
• _wcslen.LIBCMT ref: 006C49EB
• CharUpperBuffW.USER32(?,00000000), ref: 006C49F7
• _wcsstr.LIBVCRUNTIME ref: 006C4A2C
• GetClassNameW.USER32(00000018,?,00000400), ref: 006C4A64
• GetWindowTextW.USER32(?,?,00000400), ref: 006C4A9D
• GetClassNameW.USER32(00000018,?,00000400), ref: 006C4AE6
• GetClassNameW.USER32(?,?,00000400), ref: 006C4B20
• GetWindowRect.USER32(?,?), ref: 006C4B8B
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
• String ID: ThumbnailClass
• API String ID: 1311036022-1241985126
• Opcode ID: 9ab7d33a006ae1a9c79ba18efb15f800eee3623ff9886f7e1a91185bf7f2adc0
• Instruction ID: df361359e5c9a01b1da97c076e7c2a54b443417f7609a822e2061c38d8fd2012
• Opcode Fuzzy Hash: 9ab7d33a006ae1a9c79ba18efb15f800eee3623ff9886f7e1a91185bf7f2adc0
• Instruction Fuzzy Hash: A7919C711082099BDB04DF14C9A5FBA77EAEF84314F04846EFD859A296DF30ED45CBA1
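The API listings in these function blocks share one line shape: `Name.MODULE(args), ref: ADDR`, with `ref:` following the module directly when no argument list is shown, and a `Part of subcall function XXXXXXXX:` prefix when the call sits one level down. When triaging many such blocks it is quicker to parse them than to read them. The Python below is an added example written for this page, not part of the Joe Sandbox report or of the sample: a parser for that line shape, fed with lines copied from the block for 006C4994 above and from the next block, plus a check for the sequence GetWindowTextW, CharUpperBuffW, _wcsstr in call-site order, which is a case-insensitive substring match on a window title. The report does not say what that match is for; the only string it associates with the function is `ThumbnailClass`. The record type, the sequence check and the module summary are my constructions.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Lines copied from the function block for 006C4994 on this page
# (bullet, Name.MODULE(args), call-site address after "ref:").
FUNC_6C4994_LINES = [
    "• GetClassNameW.USER32(?,?,00000400), ref: 006C4994",
    "• GetWindowTextW.USER32(?,?,00000400), ref: 006C49DA",
    "• _wcslen.LIBCMT ref: 006C49EB",
    "• CharUpperBuffW.USER32(?,00000000), ref: 006C49F7",
    "• _wcsstr.LIBVCRUNTIME ref: 006C4A2C",
    "• GetClassNameW.USER32(00000018,?,00000400), ref: 006C4A64",
    "• GetWindowTextW.USER32(?,?,00000400), ref: 006C4A9D",
    "• GetClassNameW.USER32(00000018,?,00000400), ref: 006C4AE6",
    "• GetClassNameW.USER32(?,?,00000400), ref: 006C4B20",
    "• GetWindowRect.USER32(?,?), ref: 006C4B8B",
]

# Two further line shapes, copied from the next block on this page: a call
# reported inside a subcall, and a call printed without an argument list.
OTHER_SHAPES = [
    "  • Part of subcall function 00679BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00679BB2",
    "• GetFocus.USER32 ref: 006F8D6A",
]

API_LINE = re.compile(
    r"""^\s*•\s*
        (?:Part\ of\ subcall\ function\ (?P<subcall>[0-9A-Fa-f]+):\s*)?
        (?P<name>[A-Za-z_]\w*)\.(?P<module>\w+)
        (?:\((?P<args>[^)]*)\))?
        ,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$""",
    re.VERBOSE,
)


@dataclass(frozen=True)
class ApiCall:
    name: str
    module: str
    args: tuple                 # raw tokens as printed; '?' = not resolved by the sandbox
    ref: int                    # call-site address
    subcall_of: Optional[int]   # callee address when the line is flagged as a subcall


def parse_api_line(line: str) -> Optional[ApiCall]:
    """Parse one report line; returns None for headings and non-API lines."""
    m = API_LINE.match(line)
    if m is None:
        return None
    raw = m.group("args")
    sub = m.group("subcall")
    return ApiCall(
        name=m.group("name"),
        module=m.group("module"),
        args=tuple(raw.split(",")) if raw else (),
        ref=int(m.group("ref"), 16),
        subcall_of=int(sub, 16) if sub else None,
    )


def parse_listing(lines):
    """Parse every API line in a block, skipping anything that is not one."""
    return [c for c in (parse_api_line(l) for l in lines) if c is not None]


def resolved_args(call: ApiCall):
    """Arguments the sandbox resolved to constants, as ints ('?' is dropped)."""
    return [int(a, 16) for a in call.args if a != "?"]


def has_case_folded_title_match(calls) -> bool:
    """True when, ordered by call site, the function reads a window title
    (GetWindowTextW), upper-cases the buffer (CharUpperBuffW) and then runs a
    substring search on it (_wcsstr): a case-insensitive title match."""
    names = [c.name for c in sorted(calls, key=lambda c: c.ref)]
    try:
        i = names.index("GetWindowTextW")
        j = names.index("CharUpperBuffW", i + 1)
        names.index("_wcsstr", j + 1)
    except ValueError:
        return False
    return True


def api_summary(calls):
    """Module -> sorted list of distinct API names used by the function."""
    out = {}
    for c in calls:
        out.setdefault(c.module, set()).add(c.name)
    return {m: sorted(names) for m, names in out.items()}


if __name__ == "__main__":
    for c in parse_listing(FUNC_6C4994_LINES + OTHER_SHAPES):
        print(f"{c.ref:08X} {c.module}!{c.name}{c.args} subcall_of={c.subcall_of}")
    block = parse_listing(FUNC_6C4994_LINES)
    print(api_summary(block))
    print("case-folded title match:", has_case_folded_title_match(block))
```

Sorting by `ref` before the sequence check matters: the report lists calls in address order within a block, but a subcall line carries the callee's address and can sort far away from its neighbours, so a check keyed on list position rather than address would be fooled by it.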
APIs
  • Part of subcall function 00679BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00679BB2
• PostMessageW.USER32(?,00000111,00000000,00000000), ref: 006F8D5A
• GetFocus.USER32 ref: 006F8D6A
• GetDlgCtrlID.USER32(00000000), ref: 006F8D75
• DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?,?,?,?), ref: 006F8E1D
• GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 006F8ECF
• GetMenuItemCount.USER32(?), ref: 006F8EEC
• GetMenuItemID.USER32(?,00000000), ref: 006F8EFC
• GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 006F8F2E
• GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 006F8F70
• CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 006F8FA1
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
• String ID: 0
• API String ID: 1026556194-4108050209
• Opcode ID: 40fca23e904e2d1ae51be3a39b1f0899ea4a54a4639bf49167a6ba8a03316789
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 8fe9a2440c29272853621a2bfd481bd36f639a3f13135b9f6e7fffd2523b5ee1
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 40fca23e904e2d1ae51be3a39b1f0899ea4a54a4639bf49167a6ba8a03316789
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8F817971508309AFDB10CF24C884ABB7BEABF98364F14099DFA8497291DB30D905CBA1
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 006ECC64
                                                                                                                                                                                                                                                                                                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 006ECC8D
                                                                                                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 006ECD48
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006ECC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 006ECCAA
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006ECC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 006ECCBD
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006ECC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 006ECCCF
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006ECC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 006ECD05
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006ECC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 006ECD28
                                                                                                                                                                                                                                                                                                                                                            • RegDeleteKeyW.ADVAPI32(?,?), ref: 006ECCF3
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
                                                                                                                                                                                                                                                                                                                                                            • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2734957052-4033151799
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 65bd119eeeb97be1d2e55e72af8b2e499a78a30d97ac7bc75aa2e04c4925d437
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 19c60e67e2da3a44ccb8c03b4cf3ffb1ea8553a070b415dbd5ccfa69c7ff165c
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 65bd119eeeb97be1d2e55e72af8b2e499a78a30d97ac7bc75aa2e04c4925d437
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7F318F7190222DBBDB208B55DD88EFFBB7EEF45760F000165B905E2240DB349A46DAA0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • timeGetTime.WINMM ref: 006CE6B4
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0067E551: timeGetTime.WINMM(?,?,006CE6D4), ref: 0067E555
                                                                                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(0000000A), ref: 006CE6E1
                                                                                                                                                                                                                                                                                                                                                            • EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 006CE705
                                                                                                                                                                                                                                                                                                                                                            • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 006CE727
                                                                                                                                                                                                                                                                                                                                                            • SetActiveWindow.USER32 ref: 006CE746
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 006CE754
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000010,00000000,00000000), ref: 006CE773
                                                                                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(000000FA), ref: 006CE77E
                                                                                                                                                                                                                                                                                                                                                            • IsWindow.USER32 ref: 006CE78A
                                                                                                                                                                                                                                                                                                                                                            • EndDialog.USER32(00000000), ref: 006CE79B
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                                                                                                                                                                                                                                                                                                            • String ID: BUTTON
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1194449130-3405671355
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 4169c924e00444d4c0336161cb01f4cbbd18f1c138b29196334fb3696a2decdf
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 7f94123533b3c90a916c162e33e576cf25b202f52dcf835f5fe7f33f7c42780d
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4169c924e00444d4c0336161cb01f4cbbd18f1c138b29196334fb3696a2decdf
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 60218771340608EFFB005F61ED8AF353B7BFB54759B10A429F405C1662DB76AC11DA28
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00669CB3: _wcslen.LIBCMT ref: 00669CBD
                                                                                                                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 006CEA5D
                                                                                                                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 006CEA73
                                                                                                                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 006CEA84
• mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 006CEA96
• mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 006CEAA7
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: SendString$_wcslen
• String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
• API String ID: 2420728520-1007645807
• Opcode ID: 5f36abe8043f790d4fce476f78190c87bc8ed329272f46efb6cb1b4c6a51ca0b
• Instruction ID: acdd9b0586d9cc63720f9964d0258aeeef8c40954156cad4d884e1127e61e8d4
• Opcode Fuzzy Hash: 5f36abe8043f790d4fce476f78190c87bc8ed329272f46efb6cb1b4c6a51ca0b
• Instruction Fuzzy Hash: 84117071A902797DD720A7A1EC4AEFF6B7DEBD2B00F40042EB801A21D1EEB01945C9B0
APIs
  • Part of subcall function 00678F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00678BE8,?,00000000,?,?,?,?,00678BBA,00000000,?), ref: 00678FC5
• DestroyWindow.USER32(?), ref: 00678C81
• KillTimer.USER32(00000000,?,?,?,?,00678BBA,00000000,?), ref: 00678D1B
• DestroyAcceleratorTable.USER32(00000000), ref: 006B6973
• ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00678BBA,00000000,?), ref: 006B69A1
• ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00678BBA,00000000,?), ref: 006B69B8
• ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00678BBA,00000000), ref: 006B69D4
• DeleteObject.GDI32(00000000), ref: 006B69E6
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
• String ID:
• API String ID: 641708696-0
• Opcode ID: 13a870da8f38e0f27ad29eaa8256088e2b3e15590d4858ca95be56b67413506f
• Instruction ID: 8a89abd78d2aa12dce18e117b6ea8a5dbe9f31a4ba4191becc60ac4fa4ae2202
• Opcode Fuzzy Hash: 13a870da8f38e0f27ad29eaa8256088e2b3e15590d4858ca95be56b67413506f
• Instruction Fuzzy Hash: 12617871542604DFDB229F15CA58BA5B7B3FB40322F54852CE04A9B6A0CB39ACC1CF98
APIs
  • Part of subcall function 00679944: GetWindowLongW.USER32(?,000000EB), ref: 00679952
• GetSysColor.USER32(0000000F), ref: 00679862
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: ColorLongWindow
• String ID:
• API String ID: 259745315-0
• Opcode ID: 640ff9d3848806e669074ef95d87e8443103176475ffa5d1cd43a14361b41a6a
• Instruction ID: c7da53652208397931a8dfbe899c96eb135e33f945ec9ebcce74ec0ff3108eed
• Opcode Fuzzy Hash: 640ff9d3848806e669074ef95d87e8443103176475ffa5d1cd43a14361b41a6a
• Instruction Fuzzy Hash: 184191711046449FDB209F389C84BF93BA7AB47331F188B55F9A68B2E1C7319C52DB21
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID:
• String ID: .h
• API String ID: 0-3939481508
• Opcode ID: 996d5e5e407ab48901c98f0efab1f3b5d5c7194a91dc2a759c3ccda7633dc05d
• Instruction ID: 9e6f22e0fd6228e0fe0353fb384a6073522870d0659bad264da883578c6b7d60
• Opcode Fuzzy Hash: 996d5e5e407ab48901c98f0efab1f3b5d5c7194a91dc2a759c3ccda7633dc05d
• Instruction Fuzzy Hash: A9C1D075904249AFDF11EFACC851BEDBBBAAF0A310F04419DE424A7792C7349A42CB75
APIs
• GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,006AF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 006C9717
• LoadStringW.USER32(00000000,?,006AF7F8,00000001), ref: 006C9720
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00669CB3: _wcslen.LIBCMT ref: 00669CBD
                                                                                                                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,006AF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 006C9742
                                                                                                                                                                                                                                                                                                                                                            • LoadStringW.USER32(00000000,?,006AF7F8,00000001), ref: 006C9745
                                                                                                                                                                                                                                                                                                                                                            • MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 006C9866
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: HandleLoadModuleString$Message_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 747408836-2268648507
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 416a00e75e56c702a3fb1a5ded752e748b2994b6362dd984386fc6eef74aadc9
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 80861d53c716062fd92df9d571a8e6329b886e5eaf657d5499f8f701a81738df
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 416a00e75e56c702a3fb1a5ded752e748b2994b6362dd984386fc6eef74aadc9
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 16413C72800219AADB44FBE0DE46EFE777AEF15740F20042DB50572192EA356F49CB75
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00666B57: _wcslen.LIBCMT ref: 00666B6A
                                                                                                                                                                                                                                                                                                                                                            • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 006C07A2
                                                                                                                                                                                                                                                                                                                                                            • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 006C07BE
                                                                                                                                                                                                                                                                                                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 006C07DA
                                                                                                                                                                                                                                                                                                                                                            • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 006C0804
                                                                                                                                                                                                                                                                                                                                                            • CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 006C082C
                                                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 006C0837
                                                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 006C083C
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 323675364-22481851
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 8ffd4addc01252f0a920e9bbe41772982461a3e23cbf5996a139b6ff94c2d363
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: ffa8f4b78d53d78eb825b59fce957e0069d925db3c56ac964eb336601b901950
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8ffd4addc01252f0a920e9bbe41772982461a3e23cbf5996a139b6ff94c2d363
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4741C372810229ABDF15EBA4DC95DFDB77AFF14750B144129E901B3261EB70AE44CBA0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 006E3C5C
                                                                                                                                                                                                                                                                                                                                                            • CoInitialize.OLE32(00000000), ref: 006E3C8A
                                                                                                                                                                                                                                                                                                                                                            • CoUninitialize.OLE32 ref: 006E3C94
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 006E3D2D
                                                                                                                                                                                                                                                                                                                                                            • GetRunningObjectTable.OLE32(00000000,?), ref: 006E3DB1
                                                                                                                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000001,00000029), ref: 006E3ED5
                                                                                                                                                                                                                                                                                                                                                            • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 006E3F0E
                                                                                                                                                                                                                                                                                                                                                            • CoGetObject.OLE32(?,00000000,006FFB98,?), ref: 006E3F2D
                                                                                                                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000000), ref: 006E3F40
                                                                                                                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 006E3FC4
                                                                                                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 006E3FD8
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
• String ID:
• API String ID: 429561992-0
• Opcode ID: 5f2eec88f8794532493318bc7b1b7f25508e63090eab34eb60234deb0f983b2a
• Instruction ID: ad10c92c89c4ca5e8acfed48c012f6dabe020e4793d27bec0ebd442c8268fbcd
• Opcode Fuzzy Hash: 5f2eec88f8794532493318bc7b1b7f25508e63090eab34eb60234deb0f983b2a
• Instruction Fuzzy Hash: 1CC122716083559FD700DF69C88896ABBEAEF89744F10491DF98A9B310DB31EE06CB52
APIs
• CoInitialize.OLE32(00000000), ref: 006D7AF3
• SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 006D7B8F
• SHGetDesktopFolder.SHELL32(?), ref: 006D7BA3
• CoCreateInstance.OLE32(006FFD08,00000000,00000001,00726E6C,?), ref: 006D7BEF
• SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 006D7C74
• CoTaskMemFree.OLE32(?,?), ref: 006D7CCC
• SHBrowseForFolderW.SHELL32(?), ref: 006D7D57
• SHGetPathFromIDListW.SHELL32(00000000,?), ref: 006D7D7A
• CoTaskMemFree.OLE32(00000000), ref: 006D7D81
• CoTaskMemFree.OLE32(00000000), ref: 006D7DD6
• CoUninitialize.OLE32 ref: 006D7DDC
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
• String ID:
• API String ID: 2762341140-0
• Opcode ID: 3fbf84a935c05c6a8b65214aadc3910d4d779d2075fd5875f632ba2251406e0e
• Instruction ID: b4ef5313bbbe6fecf2e9d488b42314dd00d57426fb8d8b63fc3c5088502e4d82
• Opcode Fuzzy Hash: 3fbf84a935c05c6a8b65214aadc3910d4d779d2075fd5875f632ba2251406e0e
• Instruction Fuzzy Hash: 95C10B75A04109AFCB14DFA4C884DAEBBFAFF48314B148499E81ADB361D730EE45CB91
APIs
• SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 006F5504
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 006F5515
• CharNextW.USER32(00000158), ref: 006F5544
• SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 006F5585
• SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 006F559B
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 006F55AC
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: MessageSend$CharNext
• String ID:
• API String ID: 1350042424-0
• Opcode ID: 57b02550469ebd1bad5d701cd78af5f010e1151a010264e19842523055308be3
• Instruction ID: e33835266cedb8aab252c2ebdf800728b3e327a547dae6f0c17b0dbd831e8438
• Opcode Fuzzy Hash: 57b02550469ebd1bad5d701cd78af5f010e1151a010264e19842523055308be3
• Instruction Fuzzy Hash: E7615D7490460CABDF109F54CD84AFE7BBAEB05721F108149FB26AA290D7749E81DB61
APIs
• SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 006BFAAF
• SafeArrayAllocData.OLEAUT32(?), ref: 006BFB08
• VariantInit.OLEAUT32(?), ref: 006BFB1A
• SafeArrayAccessData.OLEAUT32(?,?), ref: 006BFB3A
• VariantCopy.OLEAUT32(?,?), ref: 006BFB8D
• SafeArrayUnaccessData.OLEAUT32(?), ref: 006BFBA1
• VariantClear.OLEAUT32(?), ref: 006BFBB6
• SafeArrayDestroyData.OLEAUT32(?), ref: 006BFBC3
• SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 006BFBCC
• VariantClear.OLEAUT32(?), ref: 006BFBDE
• SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 006BFBE9
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
• String ID:
• API String ID: 2706829360-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: ccf6254f15589dd1d859594dd67d97597602d5210b2f95c3ea251715c8870b6b
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: a05ae84e6cb310d3ed4128045548034031a608fbf9e59ee05503aafff71afb0f
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ccf6254f15589dd1d859594dd67d97597602d5210b2f95c3ea251715c8870b6b
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1C413E75A00219DFCB04DFA8CC549FEBBBAFF48354F008469E945A7261CB70A985CBA0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetKeyboardState.USER32(?), ref: 006C9CA1
                                                                                                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(000000A0), ref: 006C9D22
                                                                                                                                                                                                                                                                                                                                                            • GetKeyState.USER32(000000A0), ref: 006C9D3D
                                                                                                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(000000A1), ref: 006C9D57
                                                                                                                                                                                                                                                                                                                                                            • GetKeyState.USER32(000000A1), ref: 006C9D6C
                                                                                                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(00000011), ref: 006C9D84
                                                                                                                                                                                                                                                                                                                                                            • GetKeyState.USER32(00000011), ref: 006C9D96
                                                                                                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(00000012), ref: 006C9DAE
                                                                                                                                                                                                                                                                                                                                                            • GetKeyState.USER32(00000012), ref: 006C9DC0
                                                                                                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(0000005B), ref: 006C9DD8
                                                                                                                                                                                                                                                                                                                                                            • GetKeyState.USER32(0000005B), ref: 006C9DEA
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: State$Async$Keyboard
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 541375521-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 83f29291fb5b372c74af959a68cf7bd83c54e459cefbe90b3d3878b350dd80cb
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: e92af7a4fdc9c76ed4d48a2557f89ad5cddee2435c62811f12f5b2a27e55f4bc
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 83f29291fb5b372c74af959a68cf7bd83c54e459cefbe90b3d3878b350dd80cb
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3441B574504BC96DFF3096609408BF5BEA2EF21344F04905ED6C7667C2DBA4A9C8C7B2
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • WSAStartup.WSOCK32(00000101,?), ref: 006E05BC
                                                                                                                                                                                                                                                                                                                                                            • inet_addr.WSOCK32(?), ref: 006E061C
                                                                                                                                                                                                                                                                                                                                                            • gethostbyname.WSOCK32(?), ref: 006E0628
                                                                                                                                                                                                                                                                                                                                                            • IcmpCreateFile.IPHLPAPI ref: 006E0636
                                                                                                                                                                                                                                                                                                                                                            • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 006E06C6
                                                                                                                                                                                                                                                                                                                                                            • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 006E06E5
                                                                                                                                                                                                                                                                                                                                                            • IcmpCloseHandle.IPHLPAPI(?), ref: 006E07B9
                                                                                                                                                                                                                                                                                                                                                            • WSACleanup.WSOCK32 ref: 006E07BF
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                                                                                                                                                                                                                                                                                                            • String ID: Ping
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1028309954-2246546115
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: cb73513631754fa4a1473dcc3c05bb8567cb8503810671c74103e08bb329961e
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 8ae88029725d3e4362ac8b1909a6eab0f70eae875f929625d2d27c3e26dff03b
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cb73513631754fa4a1473dcc3c05bb8567cb8503810671c74103e08bb329961e
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E491AF356053419FE720DF16C588F5ABBE2AF44318F1485A9F4698B7A2C7B0EC85CF91
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: _wcslen$BuffCharLower
• String ID: cdecl$none$stdcall$winapi
• API String ID: 707087890-567219261
APIs
• CoInitialize.OLE32 ref: 006E3774
• CoUninitialize.OLE32 ref: 006E377F
• CoCreateInstance.OLE32(?,00000000,00000017,006FFB78,?), ref: 006E37D9
• IIDFromString.OLE32(?,?), ref: 006E384C
• VariantInit.OLEAUT32(?), ref: 006E38E4
• VariantClear.OLEAUT32(?), ref: 006E3936
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
• String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
• API String ID: 636576611-1287834457
APIs
• GetLocalTime.KERNEL32(?), ref: 006D8257
• SystemTimeToFileTime.KERNEL32(?,?), ref: 006D8267
• LocalFileTimeToFileTime.KERNEL32(?,?), ref: 006D8273
• GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 006D8310
• SetCurrentDirectoryW.KERNEL32(?), ref: 006D8324
• SetCurrentDirectoryW.KERNEL32(?), ref: 006D8356
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 006D838C
• SetCurrentDirectoryW.KERNEL32(?), ref: 006D8395
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: CurrentDirectoryTime$File$Local$System
• String ID: *.*
• API String ID: 1464919966-438819550
APIs
  • Part of subcall function 00679BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00679BB2
  • Part of subcall function 0067912D: GetCursorPos.USER32(?), ref: 00679141
  • Part of subcall function 0067912D: ScreenToClient.USER32(00000000,?), ref: 0067915E
  • Part of subcall function 0067912D: GetAsyncKeyState.USER32(00000001), ref: 00679183
  • Part of subcall function 0067912D: GetAsyncKeyState.USER32(00000002), ref: 0067919D
• ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?,?,?), ref: 006F8B6B
• ImageList_EndDrag.COMCTL32 ref: 006F8B71
• ReleaseCapture.USER32 ref: 006F8B77
• SetWindowTextW.USER32(?,00000000), ref: 006F8C12
• SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 006F8C25
• DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?,?,?), ref: 006F8CFF
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
                                                                                                                                                                                                                                                                                                                                                            • String ID: @GUI_DRAGFILE$@GUI_DROPID$p#s
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1924731296-3045788843
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 63a468f6d95135eaa1a086dba5d313125cc3e61f3c15f7b67c8235360ca3682c
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: ba24c817aef6f85d99bcf7f4501c1c61ede5466af93cea5643bada35a150288e
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 63a468f6d95135eaa1a086dba5d313125cc3e61f3c15f7b67c8235360ca3682c
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C7518C70204208AFE704DF24DD56BBA77E6FB88710F40062DFA56972E1CB74A904CB66
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • LoadStringW.USER32(00000066,?,00000FFF,?), ref: 006D33CF
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00669CB3: _wcslen.LIBCMT ref: 00669CBD
                                                                                                                                                                                                                                                                                                                                                            • LoadStringW.USER32(00000072,?,00000FFF,?), ref: 006D33F0
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: LoadString$_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4099089115-3080491070
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 0bf28401ebe7e12e4328b3bc2333d4d57d909326e6298c2fdc476ce2931790bf
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 6df5922c4e5c294da686dc17a01234d2ef27b1d9429a4f658c7e70ef5e39ea72
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0bf28401ebe7e12e4328b3bc2333d4d57d909326e6298c2fdc476ce2931790bf
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3351AF71C00219AADF54EBA0DE46EFEB77AEF14300F10406AF50572292EB352F58DB65
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                            • String ID: APPEND$EXISTS$KEYS$REMOVE
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1256254125-769500911
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 8d593aad25d9ebc490cde3feb1b7f71f4534171d5b1f66102dda5a8b689c6325
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 52073db320d7a6d4d8c9b5afe0ad7b951482fef1b0e94f033b114b4486308c39
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8d593aad25d9ebc490cde3feb1b7f71f4534171d5b1f66102dda5a8b689c6325
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1D41B732A000279ACB206F7EC992AFE77A7EB61754F24522EE465D7384E735CD81C790
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000001), ref: 006D53A0
                                                                                                                                                                                                                                                                                                                                                            • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 006D5416
                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 006D5420
                                                                                                                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000000,READY), ref: 006D54A7
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Error$Mode$DiskFreeLastSpace
                                                                                                                                                                                                                                                                                                                                                            • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4194297153-14809454
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 57a1473fda24c376947c5eaaa85754ddef2e9517facc74f09b878ab67600971b
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 9816f9221b3d0374778e4b79af37b091d799fbfa29913755a4a99c95f0b117d6
• Opcode Fuzzy Hash: 57a1473fda24c376947c5eaaa85754ddef2e9517facc74f09b878ab67600971b
• Instruction Fuzzy Hash: BE318F35E006089FCB10DF68C584AEA7BF6EF45305F14806AE406DB792DB71DD86CB92
APIs
• CreateMenu.USER32 ref: 006F3C79
• SetMenu.USER32(?,00000000), ref: 006F3C88
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 006F3D10
• IsMenu.USER32(?), ref: 006F3D24
• CreatePopupMenu.USER32 ref: 006F3D2E
• InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 006F3D5B
• DrawMenuBar.USER32 ref: 006F3D63
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: Menu$CreateItem$DrawInfoInsertPopup
• String ID: 0$F
• API String ID: 161812096-3044882817
• Opcode ID: a3150b2d52612a2db0af009806d9d381405bbe9b5a5712b8ace6e240955518d7
• Instruction ID: 2dd26358d7ff4d61e30d2ba29b47dbef1c9146cc67a58aef35fe49316e664525
• Opcode Fuzzy Hash: a3150b2d52612a2db0af009806d9d381405bbe9b5a5712b8ace6e240955518d7
• Instruction Fuzzy Hash: 6A416779A0121DEFDB14DFA4D994AEA7BB6FF49350F140028FA46A7360D730AA14CF94
APIs
• SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 006F3A9D
• SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 006F3AA0
• GetWindowLongW.USER32(?,000000F0), ref: 006F3AC7
• SendMessageW.USER32(?,00001004,00000000,00000000), ref: 006F3AEA
• SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 006F3B62
• SendMessageW.USER32(?,00001074,00000000,00000007), ref: 006F3BAC
• SendMessageW.USER32(?,00001057,00000000,00000000), ref: 006F3BC7
• SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 006F3BE2
• SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 006F3BF6
• SendMessageW.USER32(?,00001008,00000000,00000007), ref: 006F3C13
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: MessageSend$LongWindow
• String ID:
• API String ID: 312131281-0
• Opcode ID: d7cb542c4ac59a4a6d88c5e744181885b001c72e6fd8f8c7e10630b8b806916e
• Instruction ID: 0d736efbed88b01e24a9a75963f63c459ed10d61c76b075d8327c4c9ba557919
• Opcode Fuzzy Hash: d7cb542c4ac59a4a6d88c5e744181885b001c72e6fd8f8c7e10630b8b806916e
• Instruction Fuzzy Hash: 39618875A00258AFDB10DFA8CC81EFE77B9EB09310F104099FA05AB3A1C774AA42DB54
APIs
• GetCurrentThreadId.KERNEL32 ref: 006CB151
• GetForegroundWindow.USER32(00000000,?,?,?,?,?,006CA1E1,?,00000001), ref: 006CB165
• GetWindowThreadProcessId.USER32(00000000), ref: 006CB16C
• AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,006CA1E1,?,00000001), ref: 006CB17B
• GetWindowThreadProcessId.USER32(?,00000000), ref: 006CB18D
• AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,006CA1E1,?,00000001), ref: 006CB1A6
• AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,006CA1E1,?,00000001), ref: 006CB1B8
• AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,006CA1E1,?,00000001), ref: 006CB1FD
• AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,006CA1E1,?,00000001), ref: 006CB212
• AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,006CA1E1,?,00000001), ref: 006CB21D
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: Thread$AttachInput$Window$Process$CurrentForeground
• String ID:
• API String ID: 2156557900-0
• Opcode ID: 28997fc24d07660ee4243e580ca1174de06ab87e6056525edc005074e3dfd8d9
• Instruction ID: 92106427006c11827fed3fd406181c5d83e8349408de8c9221f29f261ac324ae
• Opcode Fuzzy Hash: 28997fc24d07660ee4243e580ca1174de06ab87e6056525edc005074e3dfd8d9
• Instruction Fuzzy Hash: 8D318071500208AFEB249F24DD4AFBD7BABFB51322F14A019F901DA290D7B89E40CF65
APIs
• _free.LIBCMT ref: 00692C94
  • Part of subcall function 006929C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0069D7D1,00000000,00000000,00000000,00000000,?,0069D7F8,00000000,00000007,00000000,?,0069DBF5,00000000), ref: 006929DE
  • Part of subcall function 006929C8: GetLastError.KERNEL32(00000000,?,0069D7D1,00000000,00000000,00000000,00000000,?,0069D7F8,00000000,00000007,00000000,?,0069DBF5,00000000,00000000), ref: 006929F0
• _free.LIBCMT ref: 00692CA0
• _free.LIBCMT ref: 00692CAB
• _free.LIBCMT ref: 00692CB6
• _free.LIBCMT ref: 00692CC1
• _free.LIBCMT ref: 00692CCC
• _free.LIBCMT ref: 00692CD7
• _free.LIBCMT ref: 00692CE2
• _free.LIBCMT ref: 00692CED
• _free.LIBCMT ref: 00692CFB
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: ccf0c9b8a02112f9e884c3addd346ce9990ca063aa94deb564cdd004157a58ca
• Instruction ID: 8909205e05ea2cc747729d3f77899a1a83c01f4a1e26fbf4df4e43270f128387
• Opcode Fuzzy Hash: ccf0c9b8a02112f9e884c3addd346ce9990ca063aa94deb564cdd004157a58ca
• Instruction Fuzzy Hash: DF11D776100109BFCF42EF55D852CDD3BAAFF05750F4144A8F9485FA22D631EE509B94
APIs
• SetWindowLongW.USER32(?,000000EB), ref: 00665C7A
  • Part of subcall function 00665D0A: GetClientRect.USER32(?,?), ref: 00665D30
  • Part of subcall function 00665D0A: GetWindowRect.USER32(?,?), ref: 00665D71
  • Part of subcall function 00665D0A: ScreenToClient.USER32(?,?), ref: 00665D99
• GetDC.USER32 ref: 006A46F5
• SendMessageW.USER32(?,00000031,00000000,00000000), ref: 006A4708
• SelectObject.GDI32(00000000,00000000), ref: 006A4716
• SelectObject.GDI32(00000000,00000000), ref: 006A472B
• ReleaseDC.USER32(?,00000000), ref: 006A4733
• MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 006A47C4
Strings
Similarity
• API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
• String ID: U
• API String ID: 4009187628-3372436214
• Opcode ID: 6e016f9639a4aae1919c2878f160fa97db3c9998a4122a4278d18a6c6e7cbb11
• Instruction ID: 6a08eea6c2ca597eda099a5e062e34296bece89a80b6a35e49a383adf22247eb
• Opcode Fuzzy Hash: 6e016f9639a4aae1919c2878f160fa97db3c9998a4122a4278d18a6c6e7cbb11
• Instruction Fuzzy Hash: A171BA30400249DFCF21AF64CD85AFA7BA3EF8A321F144269E9565A2A6CB71DC42DF50
APIs
• LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 006D35E4
  • Part of subcall function 00669CB3: _wcslen.LIBCMT ref: 00669CBD
• LoadStringW.USER32(00732390,?,00000FFF,?), ref: 006D360A
Strings
Similarity
• API ID: LoadString$_wcslen
• String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
• API String ID: 4099089115-2391861430
• Opcode ID: cae8946746c1c4a6b78abcadf72cc8b631020aa48a9477f69d0aec627b7d297c
• Instruction ID: 2649db11e68ffac7afc7ace632354c94f4112b9f25720e9af0c78d8d5d2e02ec
• Opcode Fuzzy Hash: cae8946746c1c4a6b78abcadf72cc8b631020aa48a9477f69d0aec627b7d297c
• Instruction Fuzzy Hash: 9B519071C00269BADF54EBA0DD42EEEBB7AEF14300F144129F505722A1DB305B99DFA9
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 006DC272
                                                                                                                                                                                                                                                                                                                                                            • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 006DC29A
                                                                                                                                                                                                                                                                                                                                                            • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 006DC2CA
                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 006DC322
                                                                                                                                                                                                                                                                                                                                                            • SetEvent.KERNEL32(?), ref: 006DC336
                                                                                                                                                                                                                                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 006DC341
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3113390036-3916222277
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 5f85184ca608e0cb337b91ef15fdb0be7d00ddc428185751ab19fc90c73dda8d
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 19e73a994796acb4d83ade7cf86cc0ec06a46e48751333bf463ac870bafa2bc3
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5f85184ca608e0cb337b91ef15fdb0be7d00ddc428185751ab19fc90c73dda8d
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 98316BB1A0020DAFDB21AF658988ABB7BFEEB49764B10851EF44692300DB30DD05DB60
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,006A3AAF,?,?,Bad directive syntax error,006FCC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 006C98BC
                                                                                                                                                                                                                                                                                                                                                            • LoadStringW.USER32(00000000,?,006A3AAF,?), ref: 006C98C3
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00669CB3: _wcslen.LIBCMT ref: 00669CBD
                                                                                                                                                                                                                                                                                                                                                            • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 006C9987
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: HandleLoadMessageModuleString_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 858772685-4153970271
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 545a84a296d9d3d91aa5c7cdb8ba616983345b0da4ae97f3adf4c5da0d39e8e2
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 748b18d023d5cf2bed858d9f20793168d8863242cfe31714912d61e13084f365
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 545a84a296d9d3d91aa5c7cdb8ba616983345b0da4ae97f3adf4c5da0d39e8e2
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0C215C7180026AABCF15AF90CC0AEFE777AFF18700F04445EB515661A2EA359A18DB24
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetParent.USER32 ref: 006C20AB
                                                                                                                                                                                                                                                                                                                                                            • GetClassNameW.USER32(00000000,?,00000100), ref: 006C20C0
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 006C214D
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ClassMessageNameParentSend
                                                                                                                                                                                                                                                                                                                                                            • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1290815626-3381328864
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: b07288118be2a40f20bdab421dd1619ab8d3cadc3b6c1c45237d8dba66f39358
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 690da26c9a14e734825872f299121aa63727825af9ead09eab75598a6cd29903
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b07288118be2a40f20bdab421dd1619ab8d3cadc3b6c1c45237d8dba66f39358
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5E110AB6688717B9F6053620EC16EF6379ECF05324B20012EFF04A55D5EE7558425A18
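The entries above are the report's per-function similarity records: the API calls with their call-site addresses, the strings the function references, the memory-dump source, and the opcode and instruction fuzzy hashes that Joe Sandbox uses to match functions across samples. To pivot on them over a corpus, an analyst wants them as structured data rather than rendered text. The Python below is an added example, not part of the Joe Sandbox report or its tooling: it parses entries in this layout into records, annotates the two numeric arguments on this page that carry meaning for triage (SendMessageW with message 0x0111, which is WM_COMMAND, and HttpQueryInfoW with info level 5, which is HTTP_QUERY_CONTENT_LENGTH), and checks for the WinINet open/send/query/close chain seen at 006DC272. The sample text is constructed from the two entries at 006DC272 and 006C214D on this page (the Associated and Instruction ID lines are omitted); the `$`-separated String ID format is inferred from the report text; all function and field names are mine.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample: two entries copied from this page's report text (abridged).
SAMPLE = """\
APIs
• InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 006DC272
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 006DC29A
• HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 006DC2CA
• GetLastError.KERNEL32 ref: 006DC322
• SetEvent.KERNEL32(?), ref: 006DC336
• InternetCloseHandle.WININET(00000000), ref: 006DC341
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
Similarity
• API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
• String ID:
• API String ID: 3113390036-3916222277
• Opcode ID: 5f85184ca608e0cb337b91ef15fdb0be7d00ddc428185751ab19fc90c73dda8d
• Instruction Fuzzy Hash: 98316BB1A0020DAFDB21AF658988ABB7BFEEB49764B10851EF44692300DB30DD05DB60
APIs
• GetParent.USER32 ref: 006C20AB
• GetClassNameW.USER32(00000000,?,00000100), ref: 006C20C0
• SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 006C214D
Strings
Memory Dump Source
Similarity
• API ID: ClassMessageNameParentSend
• String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
• API String ID: 1290815626-3381328864
• Opcode ID: b07288118be2a40f20bdab421dd1619ab8d3cadc3b6c1c45237d8dba66f39358
• Instruction Fuzzy Hash: 5E110AB6688717B9F6053620EC16EF6379ECF05324B20012EFF04A55D5EE7558425A18
"""

# "• Name.MODULE(args), ref: ADDR", optionally nested as "Part of subcall function X: ...".
CALL_RE = re.compile(
    r"^•\s*(?:Part of subcall function (?P<sub>[0-9A-F]+):\s*)?"
    r"(?P<name>\w+)\.(?P<mod>\w+)(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]+)$"
)
FIELD_RE = re.compile(r"^•\s*(?P<key>[A-Za-z ]+?):\s*(?P<val>.*)$")
SECTION_HEADERS = {"Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}

WM_COMMAND = 0x0111             # winuser.h
HTTP_QUERY_CONTENT_LENGTH = 5   # wininet.h
WININET_DOWNLOAD = ("InternetOpenUrlW", "HttpSendRequestW", "HttpQueryInfoW", "InternetCloseHandle")


@dataclass
class ApiCall:
    name: str
    module: str
    args: list[str]
    ref: str                      # call-site address in the dumped image
    subcall_of: str | None = None # set for "Part of subcall function" lines


@dataclass
class Entry:
    calls: list[ApiCall] = field(default_factory=list)
    fields: dict[str, str] = field(default_factory=dict)

    @property
    def strings(self) -> list[str]:
        # The report joins a function's referenced strings with '$' (inferred from the text).
        raw = self.fields.get("String ID", "")
        return raw.split("$") if raw else []


def parse_entries(text: str) -> list[Entry]:
    """Split report text into entries; each 'APIs' header starts a new one."""
    entries: list[Entry] = []
    in_apis = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            entries.append(Entry())
            in_apis = True
            continue
        if line in SECTION_HEADERS:
            in_apis = False
            continue
        if not line or not entries:
            continue
        m = CALL_RE.match(line)
        if in_apis and m:
            args = [a.strip() for a in m["args"].split(",")] if m["args"] is not None else []
            entries[-1].calls.append(ApiCall(m["name"], m["mod"], args, m["ref"], m["sub"]))
            continue
        f = FIELD_RE.match(line)
        if f:
            entries[-1].fields[f["key"].strip()] = f["val"].strip()
    return entries


def describe_call(c: ApiCall) -> str:
    """Annotate the numeric arguments that matter for triage; otherwise echo the call."""
    def arg(i: int) -> int | None:
        try:
            return int(c.args[i], 16)
        except (IndexError, ValueError):   # '?' (unresolved) or non-numeric argument
            return None
    if c.name == "SendMessageW" and arg(1) == WM_COMMAND and arg(2) is not None:
        return f"SendMessageW sends WM_COMMAND (wParam=0x{arg(2):04X}) at {c.ref}"
    if c.name == "HttpQueryInfoW" and arg(1) == HTTP_QUERY_CONTENT_LENGTH:
        return f"HttpQueryInfoW queries HTTP_QUERY_CONTENT_LENGTH at {c.ref}"
    return f"{c.name}.{c.module} at {c.ref}"


def has_wininet_download_chain(e: Entry) -> bool:
    """True when the entry calls open-URL, send, query and close in that order."""
    names = [c.name for c in e.calls]
    pos = [names.index(n) for n in WININET_DOWNLOAD if n in names]
    return len(pos) == len(WININET_DOWNLOAD) and pos == sorted(pos)


def pivot_key(e: Entry) -> tuple[str, str]:
    """The two fields worth matching across reports: Opcode ID and Instruction Fuzzy Hash."""
    return e.fields.get("Opcode ID", ""), e.fields.get("Instruction Fuzzy Hash", "")


if __name__ == "__main__":
    for e in parse_entries(SAMPLE):
        print(pivot_key(e)[0][:16], has_wininet_download_chain(e), e.strings)
        for c in e.calls:
            print("   ", describe_call(c))
```

The Opcode ID is repeated verbatim as the Opcode Fuzzy Hash in every entry on this page, so the Instruction Fuzzy Hash is the field that actually varies and is the more useful pivot. In the second entry, a WM_COMMAND sent to a window whose parent class is checked against SHELLDLL_DefView, together with the strings list, details, smallicons and largeicons, reads as a view-mode switch for an Explorer list view; that is my interpretation of the page's strings and call sequence, not something the report states.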
APIs
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1282221369-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: d6450e4c7c576bfcc2aa1e5ff5d1ccd0018f3ceb8df5f07109ef26edc6fba363
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: e3e234f95c5719727c7f6f0c46181fcc762c40db957ec2387c9179e763f8b75d
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d6450e4c7c576bfcc2aa1e5ff5d1ccd0018f3ceb8df5f07109ef26edc6fba363
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CA6127B1A04301AFDF21AFB898A1AAA7BEFEF05370F04416DF94597B81D7359D018794
APIs
• LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 006B6890
• ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 006B68A9
• LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 006B68B9
• ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 006B68D1
• SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 006B68F2
• DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00678874,00000000,00000000,00000000,000000FF,00000000), ref: 006B6901
• SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 006B691E
• DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00678874,00000000,00000000,00000000,000000FF,00000000), ref: 006B692D
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: Icon$DestroyExtractImageLoadMessageSend
• String ID:
• API String ID: 1268354404-0
• Opcode ID: a8526d5d35ff594ffc04a1e61d037680e094c88b39d55ac2b20d973e914e4b37
• Instruction ID: 497d00025ddc89b52819875d55f57fa703b20f747c87043bc4b3c49cfa1e3929
• Opcode Fuzzy Hash: a8526d5d35ff594ffc04a1e61d037680e094c88b39d55ac2b20d973e914e4b37
• Instruction Fuzzy Hash: 2A518BB0600209EFDB20DF25CC55FAA7BB6FB58760F108528F90A972A0DB74ED91DB50
APIs
• InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 006DC182
• GetLastError.KERNEL32 ref: 006DC195
• SetEvent.KERNEL32(?), ref: 006DC1A9
  • Part of subcall function 006DC253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 006DC272
  • Part of subcall function 006DC253: GetLastError.KERNEL32 ref: 006DC322
  • Part of subcall function 006DC253: SetEvent.KERNEL32(?), ref: 006DC336
  • Part of subcall function 006DC253: InternetCloseHandle.WININET(00000000), ref: 006DC341
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
• String ID:
• API String ID: 337547030-0
• Opcode ID: 2312fb8998ac205ab5e82fa1356c8aaf12eb04599deaf2c31b6ad4cce9302224
• Instruction ID: f257e380e821aaa76dd56b74d05db28080e1c6cde707c53971f68f028aaa667e
• Opcode Fuzzy Hash: 2312fb8998ac205ab5e82fa1356c8aaf12eb04599deaf2c31b6ad4cce9302224
• Instruction Fuzzy Hash: AB318D71A0060AAFDB219FA5DD44AB6BBFBFF58320B10441EF95682710D731EA15DBA0
APIs
  • Part of subcall function 006C3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 006C3A57
  • Part of subcall function 006C3A3D: GetCurrentThreadId.KERNEL32 ref: 006C3A5E
  • Part of subcall function 006C3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,006C25B3), ref: 006C3A65
• MapVirtualKeyW.USER32(00000025,00000000), ref: 006C25BD
• PostMessageW.USER32(?,00000100,00000025,00000000), ref: 006C25DB
• Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 006C25DF
• MapVirtualKeyW.USER32(00000025,00000000), ref: 006C25E9
• PostMessageW.USER32(?,00000100,00000027,00000000), ref: 006C2601
• Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 006C2605
• MapVirtualKeyW.USER32(00000025,00000000), ref: 006C260F
• PostMessageW.USER32(?,00000101,00000027,00000000), ref: 006C2623
• Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 006C2627
Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2014098862-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: fa53987b71b23c76ebcaff2cdb4dbf3d9ddd7b3b637a3a16a28c968c3b5a9dce
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 3c219b6a628840ad1bcd82059d6e089f035be7698b4c9a43f4041662418d57ac
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fa53987b71b23c76ebcaff2cdb4dbf3d9ddd7b3b637a3a16a28c968c3b5a9dce
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8801D430394224BBFB106769DC8AF6A3F5ADF4EB22F101009F318AF1D1C9F26454DA69
APIs
• GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,006C1449,?,?,00000000), ref: 006C180C
• HeapAlloc.KERNEL32(00000000,?,006C1449,?,?,00000000), ref: 006C1813
• GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,006C1449,?,?,00000000), ref: 006C1828
• GetCurrentProcess.KERNEL32(?,00000000,?,006C1449,?,?,00000000), ref: 006C1830
• DuplicateHandle.KERNEL32(00000000,?,006C1449,?,?,00000000), ref: 006C1833
• GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,006C1449,?,?,00000000), ref: 006C1843
• GetCurrentProcess.KERNEL32(006C1449,00000000,?,006C1449,?,?,00000000), ref: 006C184B
• DuplicateHandle.KERNEL32(00000000,?,006C1449,?,?,00000000), ref: 006C184E
• CreateThread.KERNEL32(00000000,00000000,006C1874,00000000,00000000,00000000), ref: 006C1868
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
• String ID:
• API String ID: 1957940570-0
• Opcode ID: d5edad169dd28f9a56760f240e1a1d4b06fef3004323df99eeecdd5e1332c437
• Instruction ID: f27559974c492abcc3df17271b41b80274e7f226f8ee6e365f5be5f000833cae
• Opcode Fuzzy Hash: d5edad169dd28f9a56760f240e1a1d4b06fef3004323df99eeecdd5e1332c437
• Instruction Fuzzy Hash: F801BBB5240708BFE710EBA5DD4DF6B3BADEB8AB11F015411FA05DB1A2CA709810DB60
APIs
  • Part of subcall function 006CD4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 006CD501
  • Part of subcall function 006CD4DC: Process32FirstW.KERNEL32(00000000,?), ref: 006CD50F
  • Part of subcall function 006CD4DC: CloseHandle.KERNEL32(00000000), ref: 006CD5DC
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 006EA16D
• GetLastError.KERNEL32 ref: 006EA180
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 006EA1B3
• TerminateProcess.KERNEL32(00000000,00000000), ref: 006EA268
• GetLastError.KERNEL32(00000000), ref: 006EA273
• CloseHandle.KERNEL32(00000000), ref: 006EA2C4
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
• String ID: SeDebugPrivilege
• API String ID: 2533919879-2896544425
• Opcode ID: c530553a60c18be158e635be13a78ceee514da4dd959de05d09603a86c314c9f
• Instruction ID: c1dd04b18d24010d77c68ea831ff1f2b67fb8e4f3ab85b96867ab2638f328242
• Opcode Fuzzy Hash: c530553a60c18be158e635be13a78ceee514da4dd959de05d09603a86c314c9f
• Instruction Fuzzy Hash: 81619A302053829FD720DF59C494F66BBE2AF44318F18849CE5669BBA3C772ED45CB92
APIs
• SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 006F3925
• SendMessageW.USER32(00000000,00001036,00000000,?), ref: 006F393A
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 006F3954
• _wcslen.LIBCMT ref: 006F3999
• SendMessageW.USER32(?,00001057,00000000,?), ref: 006F39C6
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001061,?,0000000F), ref: 006F39F4
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: MessageSend$Window_wcslen
• String ID: SysListView32
• API String ID: 2147712094-78025650
• Opcode ID: b6ea3aa8681974a4231117aae635d4c0a9e05d00cc16beb8724304dd6474b355
• Instruction ID: 551b89725854b5e0349a468cf6efd33dbcbc56c40363dad893fff533f0f11fd9
• Opcode Fuzzy Hash: b6ea3aa8681974a4231117aae635d4c0a9e05d00cc16beb8724304dd6474b355
• Instruction Fuzzy Hash: E3417571A0021DABEF219F64CC45BFA77AAEF08350F10052AFA58E7391D7B59D84CB94
APIs
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 006CBCFD
• IsMenu.USER32(00000000), ref: 006CBD1D
• CreatePopupMenu.USER32 ref: 006CBD53
• GetMenuItemCount.USER32(01285ED8), ref: 006CBDA4
• InsertMenuItemW.USER32(01285ED8,?,00000001,00000030), ref: 006CBDCC
Strings
Similarity
• API ID: Menu$Item$CountCreateInfoInsertPopup
• String ID: 0$2
• API String ID: 93392585-3793063076
• Opcode ID: 05e102344d809c2eab9ce2ec72a8865637973f4f494f31337530ce366b12dc07
• Instruction ID: a1976e2b2493195cfe7e0002b019dfdf37e33aaa19a7bfce74d8f02921d2ec5c
• Opcode Fuzzy Hash: 05e102344d809c2eab9ce2ec72a8865637973f4f494f31337530ce366b12dc07
• Instruction Fuzzy Hash: 94519D70A002099BDB10DFA8D986FFEBBFAEF45324F14615DE40297390D771A945CB61
APIs
• _ValidateLocalCookies.LIBCMT ref: 00682D4B
• ___except_validate_context_record.LIBVCRUNTIME ref: 00682D53
• _ValidateLocalCookies.LIBCMT ref: 00682DE1
• __IsNonwritableInCurrentImage.LIBCMT ref: 00682E0C
• _ValidateLocalCookies.LIBCMT ref: 00682E61
Strings
Similarity
• API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
• String ID: &Hh$csm
• API String ID: 1170836740-1897021073
• Opcode ID: 31356c900086e747371a913e9685538b0801080b061e96ab4becb0cb2a4bb729
• Instruction ID: 9e791b956beaa4d9d62fd1c00ed71e94448cb815ad39628bf75953253bf6879f
• Opcode Fuzzy Hash: 31356c900086e747371a913e9685538b0801080b061e96ab4becb0cb2a4bb729
• Instruction Fuzzy Hash: 5041C474A0021AEBCF10EF68C865ADEBFB6BF44324F148259E8146B392D7759A01CBD4
APIs
• LoadIconW.USER32(00000000,00007F03), ref: 006CC913
Strings
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: IconLoad
                                                                                                                                                                                                                                                                                                                                                            • String ID: blank$info$question$stop$warning
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2457776203-404129466
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 632556bccaa16fe0454dd97f832f1047f85b7d5ace7906f43d57425820863d88
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: cd94c8fbf5d1c52b0365ec11ff00df27413f49d4bba65c6de6f8e0a7eece3f19
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 632556bccaa16fe0454dd97f832f1047f85b7d5ace7906f43d57425820863d88
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 35110D31689317BAE705AB55AC83EFB67ADDF15374B10002FF508A6382EB74DE015369
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: _wcslen$LocalTime
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 952045576-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: ec285c01fccbb0826c9cd3f14f8730bde986a7109c942fdb34ef274de0520b76
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: e75eb91c842147436ec92bc1c083ffd03de33283b9617d31e77db8fa0bafa35f
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ec285c01fccbb0826c9cd3f14f8730bde986a7109c942fdb34ef274de0520b76
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 46419565C1011865CB51FBB4C88AADFB7BAEF45310F50456AF618E3162EB34E345C3E9
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,006B682C,00000004,00000000,00000000), ref: 0067F953
                                                                                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,006B682C,00000004,00000000,00000000), ref: 006BF3D1
                                                                                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,006B682C,00000004,00000000,00000000), ref: 006BF454
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ShowWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1268545403-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: b88375b10a1bb50f9fa734895227a03046c01e200070be4ee7713c82561f75fb
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 355691ca3010e71994e3a4034c400f52f5d87dcb2aa87558dd9cf6e5692ddbec
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b88375b10a1bb50f9fa734895227a03046c01e200070be4ee7713c82561f75fb
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F4411831208680BEC7349B2D8D88FFA7BD3AB46320F14C43CE25F56671E631A881CB51
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 006F2D1B
                                                                                                                                                                                                                                                                                                                                                            • GetDC.USER32(00000000), ref: 006F2D23
                                                                                                                                                                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 006F2D2E
                                                                                                                                                                                                                                                                                                                                                            • ReleaseDC.USER32(00000000,00000000), ref: 006F2D3A
                                                                                                                                                                                                                                                                                                                                                            • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 006F2D76
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 006F2D87
                                                                                                                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,006F5A65,?,?,000000FF,00000000,?,000000FF,?), ref: 006F2DC2
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 006F2DE1
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
• API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
• String ID:
• API String ID: 3864802216-0
• Opcode ID: 05a21cd5daa319d9de942d772524d22d3f1afd41b20bc83968b10db9cf2e1cc7
• Instruction ID: 4f638dc0f3932a4d239a9e0e7d4eca01a83a8d99217d28256e06ebe42dc99e64
• Opcode Fuzzy Hash: 05a21cd5daa319d9de942d772524d22d3f1afd41b20bc83968b10db9cf2e1cc7
• Instruction Fuzzy Hash: C0316972201618BBEB218F50CD8AFFB3BAAEF09725F044055FE08DA291C6759C51CBA4
APIs
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: _memcmp
• String ID:
• API String ID: 2931989736-0
• Opcode ID: ac48ba01043ad47b2471e4d0155d7050bc803a4aa576bcde25ac5f8b5826e5c8
• Instruction ID: a7a94745c40cedbf930964ce2ee835e79dbeeba59bf17e8032c5d6d588a0b525
• Opcode Fuzzy Hash: ac48ba01043ad47b2471e4d0155d7050bc803a4aa576bcde25ac5f8b5826e5c8
• Instruction Fuzzy Hash: 5321CC61640A1977D61467128DA2FFB335FEF12384F54002DFE069E651FB21FD9282AD
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID:
• String ID: NULL Pointer assignment$Not an Object type
• API String ID: 0-572801152
• Opcode ID: ffcde7acc8d716278eb52f4efbfbbc0138011a444432e547f8fe002830e08562
• Instruction ID: fe92c39e6f846ab8ae49ba3d192919016b5be68887602b918952c315f2689e9d
• Opcode Fuzzy Hash: ffcde7acc8d716278eb52f4efbfbbc0138011a444432e547f8fe002830e08562
• Instruction Fuzzy Hash: 07D1AF71A0174A9FDB10CFA9C880BEEB7B6BF48358F148069E916AB281E771DD45CB50
APIs
• GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,006A17FB,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 006A15CE
• MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,006A17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 006A1651
• MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,006A17FB,?,006A17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 006A16E4
• MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,006A17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 006A16FB
  • Part of subcall function 00693820: RtlAllocateHeap.NTDLL(00000000,?,00731444,?,0067FDF5,?,?,0066A976,00000010,00731440,006613FC,?,006613C6,?,00661129), ref: 00693852
• MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,006A17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 006A1777
• __freea.LIBCMT ref: 006A17A2
• __freea.LIBCMT ref: 006A17AE
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
• String ID:
• API String ID: 2829977744-0
• Opcode ID: 2553ddfefb6eee34ec1bf287b5c37fa4e83acbbad3eb826728ba2ea4c00c95d9
• Instruction ID: 434d656577604623b82c8fcb18277727e21861ab6dc8b80032ac731d8827b1df
• Opcode Fuzzy Hash: 2553ddfefb6eee34ec1bf287b5c37fa4e83acbbad3eb826728ba2ea4c00c95d9
• Instruction Fuzzy Hash: 0A91A2B1E042169ADF24AE64C991EEE7BB79F4B310F185659E802EF281E735DC41CF60
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: Variant$ClearInit
• String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
• API String ID: 2610073882-625585964
• Opcode ID: adbccafe7c4184fc895d1af54c6357b2c4fa2bebdc80cc0f3b3393af2231b288
• Instruction ID: ccb8df431c1355b66070f2bba5935680812124395fd639f5dabf4deab2f611ac
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: adbccafe7c4184fc895d1af54c6357b2c4fa2bebdc80cc0f3b3393af2231b288
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AE91A471A01359ABDF24CFA6C844FEEB7BAEF86710F108559F505AB280DB709945CFA0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 006D125C
                                                                                                                                                                                                                                                                                                                                                            • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 006D1284
                                                                                                                                                                                                                                                                                                                                                            • SafeArrayUnaccessData.OLEAUT32(00000001), ref: 006D12A8
                                                                                                                                                                                                                                                                                                                                                            • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 006D12D8
                                                                                                                                                                                                                                                                                                                                                            • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 006D135F
                                                                                                                                                                                                                                                                                                                                                            • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 006D13C4
                                                                                                                                                                                                                                                                                                                                                            • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 006D1430
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2550207440-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 6eef61d9b464f7d8d7304d57f54bd69f12a495e151af9124ca2146522b866815
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: b3b70cb5747a033163adbef441ac8050f7ffa1b55e97bc4d2ce3300b2c291fa4
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6eef61d9b464f7d8d7304d57f54bd69f12a495e151af9124ca2146522b866815
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7991C171E00209AFDB10DF98C885BBEB7B6FF46325F14442AE900EB391D7B5A941CB94
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ObjectSelect$BeginCreatePath
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3225163088-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 31c2fdfe4fd4b0b1112c23957c156468ec02630692950dffee0b2bb548b283b7
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: c57304638f1a19228e0edb757e5b2ced686dcab1e719ea050853b2fefa3ea1c1
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 31c2fdfe4fd4b0b1112c23957c156468ec02630692950dffee0b2bb548b283b7
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 92912571D00219EFDB10CFA9C884AEEBBFAFF89320F148159E515B7251D775AA42CB60
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 006E396B
                                                                                                                                                                                                                                                                                                                                                            • CharUpperBuffW.USER32(?,?), ref: 006E3A7A
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 006E3A8A
                                                                                                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 006E3C1F
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006D0CDF: VariantInit.OLEAUT32(00000000), ref: 006D0D1F
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006D0CDF: VariantCopy.OLEAUT32(?,?), ref: 006D0D28
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006D0CDF: VariantClear.OLEAUT32(?), ref: 006D0D34
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4137639002-1221869570
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: a4e1826e8c64d2c18b8e3c220d302fb94999e8e981638bca3aa0c1b9ac9dbd06
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: c6a48a995d7f7ae0ef368be33fa469ba577c76763b0b40b72d5872a01761896e
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a4e1826e8c64d2c18b8e3c220d302fb94999e8e981638bca3aa0c1b9ac9dbd06
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B79188746083459FC704DF29C48496AB7E6FF88314F14886EF88A9B351DB31EE46CB96
APIs
  • Part of subcall function 006C000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,006BFF41,80070057,?,?,?,006C035E), ref: 006C002B
  • Part of subcall function 006C000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,006BFF41,80070057,?,?), ref: 006C0046
  • Part of subcall function 006C000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,006BFF41,80070057,?,?), ref: 006C0054
  • Part of subcall function 006C000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,006BFF41,80070057,?), ref: 006C0064
• CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 006E4C51
• _wcslen.LIBCMT ref: 006E4D59
• CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 006E4DCF
• CoTaskMemFree.OLE32(?), ref: 006E4DDA
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
• String ID: NULL Pointer assignment
• API String ID: 614568839-2785691316
APIs
• GetMenu.USER32(?), ref: 006F2183
• GetMenuItemCount.USER32(00000000), ref: 006F21B5
• GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 006F21DD
• _wcslen.LIBCMT ref: 006F2213
• GetMenuItemID.USER32(?,?), ref: 006F224D
• GetSubMenu.USER32(?,?), ref: 006F225B
  • Part of subcall function 006C3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 006C3A57
  • Part of subcall function 006C3A3D: GetCurrentThreadId.KERNEL32 ref: 006C3A5E
  • Part of subcall function 006C3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,006C25B3), ref: 006C3A65
• PostMessageW.USER32(?,00000111,00000000,00000000), ref: 006F22E3
  • Part of subcall function 006CE97B: Sleep.KERNEL32 ref: 006CE9F3
Similarity
• API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
• String ID:
• API String ID: 4196846111-0
APIs
• GetParent.USER32(?), ref: 006CAEF9
• GetKeyboardState.USER32(?), ref: 006CAF0E
• SetKeyboardState.USER32(?), ref: 006CAF6F
• PostMessageW.USER32(?,00000101,00000010,?), ref: 006CAF9D
• PostMessageW.USER32(?,00000101,00000011,?), ref: 006CAFBC
• PostMessageW.USER32(?,00000101,00000012,?), ref: 006CAFFD
• PostMessageW.USER32(?,00000101,0000005B,?), ref: 006CB020
Similarity
• API ID: MessagePost$KeyboardState$Parent
• String ID:
• API String ID: 87235514-0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetParent.USER32(00000000), ref: 006CAD19
                                                                                                                                                                                                                                                                                                                                                            • GetKeyboardState.USER32(?), ref: 006CAD2E
                                                                                                                                                                                                                                                                                                                                                            • SetKeyboardState.USER32(?), ref: 006CAD8F
                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 006CADBB
                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 006CADD8
                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 006CAE17
                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 006CAE38
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 87235514-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: ec7592b04a4ce62fd1b3798484c67f07d08751b38fac00c93661e1cc800e2435
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 5399ff8a39eac45da00a83b58bb63c73f5d5c178384691693d5badd689d7d7c5
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ec7592b04a4ce62fd1b3798484c67f07d08751b38fac00c93661e1cc800e2435
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7151D5B15047D93DFB3243B48C55FBA7EAA9F45308F08858DE1D6869C3C294EC84E792
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetConsoleCP.KERNEL32(006A3CD6,?,?,?,?,?,?,?,?,00695BA3,?,?,006A3CD6,?,?), ref: 00695470
                                                                                                                                                                                                                                                                                                                                                            • __fassign.LIBCMT ref: 006954EB
                                                                                                                                                                                                                                                                                                                                                            • __fassign.LIBCMT ref: 00695506
                                                                                                                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,006A3CD6,00000005,00000000,00000000), ref: 0069552C
                                                                                                                                                                                                                                                                                                                                                            • WriteFile.KERNEL32(?,006A3CD6,00000000,00695BA3,00000000,?,?,?,?,?,?,?,?,?,00695BA3,?), ref: 0069554B
                                                                                                                                                                                                                                                                                                                                                            • WriteFile.KERNEL32(?,?,00000001,00695BA3,00000000,?,?,?,?,?,?,?,?,?,00695BA3,?), ref: 00695584
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1324828854-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: f7ff12cdb2f75768311ddb124b563bb28963ed008feb2b6b375b068bd933e110
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: aa73cb286919b6526da3ef612085a7c5e2d9378cad156822c1acfdfc2de6167b
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f7ff12cdb2f75768311ddb124b563bb28963ed008feb2b6b375b068bd933e110
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D651E471A006099FDF11CFA8D841AEEBBFAEF09300F15415AF556E7392E7309A41CB60
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006E304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 006E307A
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006E304E: _wcslen.LIBCMT ref: 006E309B
                                                                                                                                                                                                                                                                                                                                                            • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 006E1112
                                                                                                                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32 ref: 006E1121
                                                                                                                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32 ref: 006E11C9
                                                                                                                                                                                                                                                                                                                                                            • closesocket.WSOCK32(00000000), ref: 006E11F9
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2675159561-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 97f82db935f453ec294fa4688ac252dd07042ed4110147323a028a9c5e17dc13
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: e6bcc381fc278f422e632abd41613758b08712df9646d7b4b1a8f17d4a5df007
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 97f82db935f453ec294fa4688ac252dd07042ed4110147323a028a9c5e17dc13
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8541F231600648AFDB109F55C884BEABBEBEF86364F148059F9169F391C770AD41CBA0
APIs
  • Part of subcall function 006CDDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,006CCF22,?), ref: 006CDDFD
  • Part of subcall function 006CDDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,006CCF22,?), ref: 006CDE16
• lstrcmpiW.KERNEL32(?,?), ref: 006CCF45
• MoveFileW.KERNEL32(?,?), ref: 006CCF7F
• _wcslen.LIBCMT ref: 006CD005
• _wcslen.LIBCMT ref: 006CD01B
• SHFileOperationW.SHELL32(?), ref: 006CD061
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
• String ID: \*.*
• API String ID: 3164238972-1173974218
APIs
• SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 006F2E1C
• GetWindowLongW.USER32(?,000000F0), ref: 006F2E4F
• GetWindowLongW.USER32(?,000000F0), ref: 006F2E84
• SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 006F2EB6
• SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 006F2EE0
• GetWindowLongW.USER32(?,000000F0), ref: 006F2EF1
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 006F2F0B
Similarity
• API ID: LongWindow$MessageSend
• String ID:
• API String ID: 2178440468-0
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 006C7769
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 006C778F
• SysAllocString.OLEAUT32(00000000), ref: 006C7792
• SysAllocString.OLEAUT32(?), ref: 006C77B0
• SysFreeString.OLEAUT32(?), ref: 006C77B9
• StringFromGUID2.OLE32(?,?,00000028), ref: 006C77DE
• SysAllocString.OLEAUT32(?), ref: 006C77EC
Similarity
• API ID: String$Alloc$ByteCharMultiWide$FreeFrom
• String ID:
• API String ID: 3761583154-0
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 006C7842
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 006C7868
• SysAllocString.OLEAUT32(00000000), ref: 006C786B
• SysAllocString.OLEAUT32 ref: 006C788C
• SysFreeString.OLEAUT32 ref: 006C7895
• StringFromGUID2.OLE32(?,?,00000028), ref: 006C78AF
• SysAllocString.OLEAUT32(?), ref: 006C78BD
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3761583154-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 02039fd8788d9ae243130baf98c50d67fdbfe77b991225b2a6ba29cf23cbcc76
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 3097635766aa4a22125cba35daf52090621c383b90ca411d914c1b75ed529e83
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 02039fd8788d9ae243130baf98c50d67fdbfe77b991225b2a6ba29cf23cbcc76
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DC214435609108BFDB10AFA8DC8DEBA77EDEB097607108139FA15CB2A1D674DC41CB64
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetStdHandle.KERNEL32(0000000C), ref: 006D04F2
                                                                                                                                                                                                                                                                                                                                                            • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 006D052E
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CreateHandlePipe
                                                                                                                                                                                                                                                                                                                                                            • String ID: nul
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1424370930-2873401336
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 1a8ef03600fb674e615dbdd2b070c729a13b087ecf024c87b83a82c24b661d93
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 0e7523305236aadc39cf5c415b63250afec6e4da8334dc141dd027a297647c6d
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1a8ef03600fb674e615dbdd2b070c729a13b087ecf024c87b83a82c24b661d93
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B8215EB5D00305EBEB209F29E945BAA77A6AF45724F204A1AECA1D73E0D7709950DF20
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetStdHandle.KERNEL32(000000F6), ref: 006D05C6
                                                                                                                                                                                                                                                                                                                                                            • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 006D0601
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CreateHandlePipe
                                                                                                                                                                                                                                                                                                                                                            • String ID: nul
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1424370930-2873401336
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: dc9cf1f2fb9a91a4e8052e1e70b8e0479025832946aceadcb1f767a8cc8fc784
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: e0daaf98d8dcea1e74551a2b8f3bb57480ab83f439a5525f9f4c7713e33a67c3
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: dc9cf1f2fb9a91a4e8052e1e70b8e0479025832946aceadcb1f767a8cc8fc784
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A8215175D003459BEB209F799C04BAA77E6AF95730F200A1AF8A1E73E0D770D961CB60
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0066600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0066604C
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0066600E: GetStockObject.GDI32(00000011), ref: 00666060
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0066600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0066606A
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 006F4112
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 006F411F
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 006F412A
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 006F4139
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 006F4145
                                                                                                                                                                                                                                                                                                                                                            Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: MessageSend$CreateObjectStockWindow
• String ID: Msctls_Progress32
• API String ID: 1025951953-3636473452
• Opcode ID: 3ea986d15074d497c73f7dd02bc740610289dd7027e094c2be9a459f6a1018bc
• Instruction ID: f64e1d339063a1ed5c7862adbf7bfa9553e062a6b9c53ce4c3bae21f7bd66afe
• Opcode Fuzzy Hash: 3ea986d15074d497c73f7dd02bc740610289dd7027e094c2be9a459f6a1018bc
• Instruction Fuzzy Hash: F8118EB214021DBEEB118F64CC85EF77F5EEF087A8F014110BB18A2150CA769C21DBA4
APIs
  • Part of subcall function 0069D7A3: _free.LIBCMT ref: 0069D7CC
• _free.LIBCMT ref: 0069D82D
  • Part of subcall function 006929C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0069D7D1,00000000,00000000,00000000,00000000,?,0069D7F8,00000000,00000007,00000000,?,0069DBF5,00000000), ref: 006929DE
  • Part of subcall function 006929C8: GetLastError.KERNEL32(00000000,?,0069D7D1,00000000,00000000,00000000,00000000,?,0069D7F8,00000000,00000007,00000000,?,0069DBF5,00000000,00000000), ref: 006929F0
• _free.LIBCMT ref: 0069D838
• _free.LIBCMT ref: 0069D843
• _free.LIBCMT ref: 0069D897
• _free.LIBCMT ref: 0069D8A2
• _free.LIBCMT ref: 0069D8AD
• _free.LIBCMT ref: 0069D8B8
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
• Instruction ID: 38e6aeca5e90b299740c396fd98ae14dbd70162d9a4ed0e801b8991c3c7ee200
• Opcode Fuzzy Hash: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
• Instruction Fuzzy Hash: 26112C71540B04BADEA1BFF1CC46FCB7B9E6F00710F400829B29DAA892DA65E50546A4
APIs
• GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 006CDA74
• LoadStringW.USER32(00000000), ref: 006CDA7B
• GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 006CDA91
• LoadStringW.USER32(00000000), ref: 006CDA98
• MessageBoxW.USER32(00000000,?,?,00011010), ref: 006CDADC
Strings
• %s (%d) : ==> %s: %s %s, xrefs: 006CDAB9
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: HandleLoadModuleString$Message
• String ID: %s (%d) : ==> %s: %s %s
• API String ID: 4072794657-3128320259
• Opcode ID: 01a3874f40131da39004cf098e179594408ff0137998d2dd54914f60d5c89eda
• Instruction ID: 0693f500187e543cba09dc30c665d8d735854479d2383d02d4debc645ba78e8e
• Opcode Fuzzy Hash: 01a3874f40131da39004cf098e179594408ff0137998d2dd54914f60d5c89eda
• Instruction Fuzzy Hash: 01016DF290020C7FE710EBA4DE89EFB766DEB08711F4014A6B746E2141EA749E848F74
APIs
• InterlockedExchange.KERNEL32(0127F3B0,0127F3B0), ref: 006D097B
• EnterCriticalSection.KERNEL32(0127F390,00000000), ref: 006D098D
• TerminateThread.KERNEL32(?,000001F6), ref: 006D099B
• WaitForSingleObject.KERNEL32(?,000003E8), ref: 006D09A9
• CloseHandle.KERNEL32(?), ref: 006D09B8
• InterlockedExchange.KERNEL32(0127F3B0,000001F6), ref: 006D09C8
• LeaveCriticalSection.KERNEL32(0127F390), ref: 006D09CF
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3495660284-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: b4a20f85196b5396646d89d3ab5bb3edfd67e7ceeec8b2395dab692d5045d360
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 3f4559a409eae0d7313da7c52f31876293d323a76c30b5899d93f9e7d45ce927
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b4a20f85196b5396646d89d3ab5bb3edfd67e7ceeec8b2395dab692d5045d360
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6AF01D32442906ABE7415B94EF88BE67A26FF01712F403016F101948A0C7749565DF90
APIs
• __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 006E1DC0
• #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 006E1DE1 (WSOCK32 ordinal 17 is recvfrom; the last argument, 0x10, is the 16-byte sockaddr_in address length)
• WSAGetLastError.WSOCK32 ref: 006E1DF2
• htons.WSOCK32(?,?,?,?,?), ref: 006E1EDB
• inet_ntoa.WSOCK32(?), ref: 006E1E8C
  • Part of subcall function 006C39E8: _strlen.LIBCMT ref: 006C39F2
  • Part of subcall function 006E3224: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,006DEC0C), ref: 006E3240
• _strlen.LIBCMT ref: 006E1F35
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
• String ID:
• API String ID: 3203458085-0
• Opcode ID: e82e03bb86b8cf953270a8bd8aad6fa713cfef5cbf661510a17bca5ba2a9e659
• Instruction ID: 46bd808b2683b87b03e28af0ed6a7bcb4073f40bc75caa260c3b0d903563bae2
• Opcode Fuzzy Hash: e82e03bb86b8cf953270a8bd8aad6fa713cfef5cbf661510a17bca5ba2a9e659
• Instruction Fuzzy Hash: C5B1CF30204380AFD324DF25C895E6A7BE6AF85318F54894CF45A9F3A2DB31ED46CB91
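The WSOCK32 entry above (a __WSAFDIsSet readiness check, then ordinal #17, which is recvfrom in WSOCK32.DLL, then inet_ntoa) has the shape of a datagram receive that formats the sender's address. The Python below is an added example and is not part of the Joe Sandbox report or of the analysed sample: it parses report lines in this "APIs" format, resolves ordinal-only WSOCK32 imports through a small hand-maintained ordinal table (a subset; any ordinal outside it is left as "#N"), and flags that receive pattern. The function and field names are the example's own, and the sample input is the entry above copied inline.

```python
"""Parse Joe Sandbox "APIs" entries (the bullet lines above) and resolve
ordinal-only WSOCK32 imports such as "#17" to export names."""
import re
from collections import defaultdict

# Subset of WSOCK32.DLL export ordinals for the classic BSD-style entry
# points (WS2_32.DLL uses the same numbers for these). Only ordinals listed
# here are resolved; anything else is left as "#N".
WSOCK32_ORDINALS = {
    1: "accept", 2: "bind", 3: "closesocket", 4: "connect", 9: "htons",
    11: "inet_ntoa", 13: "listen", 16: "recv", 17: "recvfrom", 18: "select",
    19: "send", 20: "sendto", 23: "socket",
}

# One report line: "• name.MODULE(args), ref: ADDR" or "• name.MODULE ref: ADDR",
# optionally prefixed with "Part of subcall function X:" for callee entries.
API_LINE = re.compile(
    r"""^\s*•\s*
        (?:Part\ of\ subcall\ function\ (?P<sub>[0-9A-Fa-f]+):\s*)?
        (?P<name>[^.\s(]+)\.(?P<module>[A-Za-z0-9_]+)
        (?:\((?P<args>[^)]*)\))?
        ,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$""",
    re.VERBOSE,
)

# Constructed sample input: the "APIs" entry shown above, copied verbatim.
SAMPLE = """\
• __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 006E1DC0
• #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 006E1DE1
• WSAGetLastError.WSOCK32 ref: 006E1DF2
• htons.WSOCK32(?,?,?,?,?), ref: 006E1EDB
• inet_ntoa.WSOCK32(?), ref: 006E1E8C
  • Part of subcall function 006C39E8: _strlen.LIBCMT ref: 006C39F2
  • Part of subcall function 006E3224: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,006DEC0C), ref: 006E3240
• _strlen.LIBCMT ref: 006E1F35
"""


def resolve_api(name, module):
    """Map "#N" in WSOCK32 to its export name; other names pass through."""
    if name.startswith("#") and module.upper() == "WSOCK32":
        return WSOCK32_ORDINALS.get(int(name[1:]), name)
    return name


def _as_int(token):
    """Hex argument token -> int, or None for "?" (unknown at analysis time)."""
    try:
        return int(token, 16)
    except ValueError:
        return None


def parse_api_block(text):
    """Return (direct_calls, subcalls): direct calls as a list of dicts in
    report order, subcalls keyed by the callee address they belong to."""
    direct, subcalls = [], defaultdict(list)
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue
        args = m["args"]
        entry = {
            "api": resolve_api(m["name"], m["module"]),
            "raw": m["name"],
            "module": m["module"],
            "args": [a.strip() for a in args.split(",")] if args else [],
            "ref": int(m["ref"], 16),
        }
        if m["sub"]:
            subcalls[int(m["sub"], 16)].append(entry)
        else:
            direct.append(entry)
    return direct, dict(subcalls)


def datagram_receive_summary(direct):
    """Flag the select-result check / recvfrom / inet_ntoa combination and
    whether recvfrom got a 16-byte (sizeof sockaddr_in) address length."""
    apis = {e["api"] for e in direct}
    fromlen_ok = any(
        e["api"] == "recvfrom" and e["args"] and _as_int(e["args"][-1]) == 16
        for e in direct
    )
    return {
        "checks_readiness": "__WSAFDIsSet" in apis,
        "receives_datagram": "recvfrom" in apis,
        "formats_peer_address": "inet_ntoa" in apis,
        "sockaddr_in_fromlen": fromlen_ok,
        "calls_by_address": [e["api"] for e in sorted(direct, key=lambda e: e["ref"])],
    }


if __name__ == "__main__":
    calls, subs = parse_api_block(SAMPLE)
    for c in calls:
        print(f"{c['ref']:08X} {c['module']}!{c['api']}")
    print(datagram_receive_summary(calls))
```

Sorting by the ref address gives a rough call order inside the function (__WSAFDIsSet, recvfrom, WSAGetLastError, inet_ntoa, htons, _strlen), which is what a triager wants when the report's own ordering follows discovery rather than address.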
APIs
• __allrem.LIBCMT ref: 006900BA
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 006900D6
• __allrem.LIBCMT ref: 006900ED
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0069010B
• __allrem.LIBCMT ref: 00690122
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00690140
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
• String ID:
• API String ID: 1992179935-0
• Opcode ID: 8fbb49ba762f8ece8e29681380aa111ddf72d6c7443a1a5a7b6c612577c50f6c
• Instruction ID: 4cec039e8a5bf9371cba133158c50ab1b308ef67e9781231409a79b84d06a2a6
• Opcode Fuzzy Hash: 8fbb49ba762f8ece8e29681380aa111ddf72d6c7443a1a5a7b6c612577c50f6c
• Instruction Fuzzy Hash: 2B81E576A007069FEB24AF68CC41BAA73EFAF45724F24463EF551DAB81E770D9008B54
APIs
• MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,006882D9,006882D9,?,?,?,0069644F,00000001,00000001,8BE85006), ref: 00696258
• MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,0069644F,00000001,00000001,8BE85006,?,?,?), ref: 006962DE
• WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 006963D8
• __freea.LIBCMT ref: 006963E5
  • Part of subcall function 00693820: RtlAllocateHeap.NTDLL(00000000,?,00731444,?,0067FDF5,?,?,0066A976,00000010,00731440,006613FC,?,006613C6,?,00661129), ref: 00693852
• __freea.LIBCMT ref: 006963EE
• __freea.LIBCMT ref: 00696413
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: ByteCharMultiWide__freea$AllocateHeap
• String ID:
• API String ID: 1414292761-0
• Opcode ID: d3367538f8b71623ffc7e1ad9b0bca56dcf3f42148d48431ddb52f69d77f74d8
• Instruction ID: 8f821aa4417562340e03f2272ee240ea91962518be52e3ce88d7ec10f178f52a
• Opcode Fuzzy Hash: d3367538f8b71623ffc7e1ad9b0bca56dcf3f42148d48431ddb52f69d77f74d8
• Instruction Fuzzy Hash: 0751CE72A00316ABEF268F64CD81EBF77AFEB44750F154629F805D6680EB34DD51C6A0
APIs
  • Part of subcall function 00669CB3: _wcslen.LIBCMT ref: 00669CBD
  • Part of subcall function 006EC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,006EB6AE,?,?), ref: 006EC9B5
  • Part of subcall function 006EC998: _wcslen.LIBCMT ref: 006EC9F1
  • Part of subcall function 006EC998: _wcslen.LIBCMT ref: 006ECA68
  • Part of subcall function 006EC998: _wcslen.LIBCMT ref: 006ECA9E
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 006EBCCA
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 006EBD25
• RegCloseKey.ADVAPI32(00000000), ref: 006EBD6A
• RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 006EBD99
• RegCloseKey.ADVAPI32(?,?,00000000), ref: 006EBDF3
• RegCloseKey.ADVAPI32(?), ref: 006EBDFF
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
• String ID:
• API String ID: 1120388591-0
• Opcode ID: 737856c1ea2bdab2f855773e15e0fc2be89ee95a0e38013e029f8f18b17555c2
• Instruction ID: 8b36c42c940c659a7e395425e1e1a4dde79633ecc6a10fdf91bb8d182ffcbc96
• Opcode Fuzzy Hash: 737856c1ea2bdab2f855773e15e0fc2be89ee95a0e38013e029f8f18b17555c2
• Instruction Fuzzy Hash: 12818C30109381AFD714DF25C895E6ABBE6FF84308F14995CF4598B2A2DB31ED45CB92
APIs
• VariantInit.OLEAUT32(00000035), ref: 006BF7B9
• SysAllocString.OLEAUT32(00000001), ref: 006BF860
• VariantCopy.OLEAUT32(006BFA64,00000000), ref: 006BF889
• VariantClear.OLEAUT32(006BFA64), ref: 006BF8AD
• VariantCopy.OLEAUT32(006BFA64,00000000), ref: 006BF8B1
• VariantClear.OLEAUT32(?), ref: 006BF8BB
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: Variant$ClearCopy$AllocInitString
• String ID:
• API String ID: 3859894641-0
• Opcode ID: a9bc3088b0541f61f0b12b0901a729f13489f0b6e7df98b40c583b62872ac607
• Instruction ID: 3c7dc53f4a25a2aa92e836d657038723f30d002a5b68d22b558c5ad603d57002
• Opcode Fuzzy Hash: a9bc3088b0541f61f0b12b0901a729f13489f0b6e7df98b40c583b62872ac607
• Instruction Fuzzy Hash: 4551D871900310BACF646B65DC95BA9B3E7EF45710B20947BE905DF2A1DB708C81CB9A
APIs
  • Part of subcall function 00667620: _wcslen.LIBCMT ref: 00667625
  • Part of subcall function 00666B57: _wcslen.LIBCMT ref: 00666B6A
• GetOpenFileNameW.COMDLG32(00000058), ref: 006D94E5
• _wcslen.LIBCMT ref: 006D9506
• _wcslen.LIBCMT ref: 006D952D
• GetSaveFileNameW.COMDLG32(00000058), ref: 006D9585
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: _wcslen$FileName$OpenSave
                                                                                                                                                                                                                                                                                                                                                            • String ID: X
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 83654149-3081909835
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 3ac128ab3c65504be88e1b339e94c051d488bcac5dbc40aba4ea65b04f6b8538
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 0d52f7d045e7a417f4f26b961642c245cae3c71218c4ec2ac0a48f8bc7ed9d85
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3ac128ab3c65504be88e1b339e94c051d488bcac5dbc40aba4ea65b04f6b8538
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AFE1B531904340DFD764EF24C881A6AB7E6BF85314F14896DF8899B3A2DB31DD05CBA5
APIs
  • Part of subcall function 00679BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00679BB2
• BeginPaint.USER32(?,?,?), ref: 00679241
• GetWindowRect.USER32(?,?), ref: 006792A5
• ScreenToClient.USER32(?,?), ref: 006792C2
• SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 006792D3
• EndPaint.USER32(?,?,?,?,?), ref: 00679321
• Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 006B71EA
  • Part of subcall function 00679339: BeginPath.GDI32(00000000), ref: 00679357
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
Similarity
• API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
• String ID:
• API String ID: 3050599898-0
• Opcode ID: 730cf408954c710a3900013c189ec5d5b892e449347fee79072649e76ddb9cb4
• Instruction ID: 2ff7d99010ccdc2fdf8dcca6048ad8740cd124c14bdd4d77c5e0fd14f2208ab6
• Opcode Fuzzy Hash: 730cf408954c710a3900013c189ec5d5b892e449347fee79072649e76ddb9cb4
• Instruction Fuzzy Hash: BD41B270104200AFE710DF24CC84FBA7BFAEB85331F144269F969872A2C731A945DB71
APIs
• InterlockedExchange.KERNEL32(?,000001F5), ref: 006D080C
• ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 006D0847
• EnterCriticalSection.KERNEL32(?), ref: 006D0863
• LeaveCriticalSection.KERNEL32(?), ref: 006D08DC
• ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 006D08F3
• InterlockedExchange.KERNEL32(?,000001F6), ref: 006D0921
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
Similarity
• API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
• String ID:
• API String ID: 3368777196-0
• Opcode ID: 64ee3b74a75393d2c4cc0fca0e8d4ef418d3cb2dbee8c6cdb8924096a13c8b3a
• Instruction ID: a1d9712293c1d4f252a7267229c1e2c323a7d5aebc65056d6f8575700d414923
• Opcode Fuzzy Hash: 64ee3b74a75393d2c4cc0fca0e8d4ef418d3cb2dbee8c6cdb8924096a13c8b3a
• Instruction Fuzzy Hash: 10415C71900209EBEF14EF54DC85AAA777AFF04310F1480A9ED049E297DB70DE65DBA4
APIs
• ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,006BF3AB,00000000,?,?,00000000,?,006B682C,00000004,00000000,00000000), ref: 006F824C
• EnableWindow.USER32(?,00000000), ref: 006F8272
• ShowWindow.USER32(FFFFFFFF,00000000), ref: 006F82D1
• ShowWindow.USER32(?,00000004), ref: 006F82E5
• EnableWindow.USER32(?,00000001), ref: 006F830B
• SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 006F832F
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
Similarity
• API ID: Window$Show$Enable$MessageSend
• String ID:
• API String ID: 642888154-0
• Opcode ID: d2ac4972d799ad626cd9adceff7c2d0931cd1d2c6378b694415277ba359ad234
• Instruction ID: 48a7ac3a835d35bf3c8488ae4deaeea6fe23d3d7c7b4d1bdbf9cadb559b0ebea
• Opcode Fuzzy Hash: d2ac4972d799ad626cd9adceff7c2d0931cd1d2c6378b694415277ba359ad234
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9F41923060164CEFDB11CF54C899BF87BE2BB0A715F1851E9E6084B272CB31B945CB94
APIs
• IsWindowVisible.USER32(?), ref: 006C4C95
• SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 006C4CB2
• SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 006C4CEA
• _wcslen.LIBCMT ref: 006C4D08
• CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 006C4D10
• _wcsstr.LIBVCRUNTIME ref: 006C4D1A
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
• String ID:
• API String ID: 72514467-0
• Opcode ID: 68aff2b26276394fd699645df790cc1a3489850c25a948e62b92eece17997cbb
• Instruction ID: 4c26439b82080cf0dbc61d2e1f4c85603b6b7cba0b8e84c5bab953324b2f6d33
• Opcode Fuzzy Hash: 68aff2b26276394fd699645df790cc1a3489850c25a948e62b92eece17997cbb
• Instruction Fuzzy Hash: AE21FC316041057BEB15AB39DD59F7B7B9EDF45760F10802DF809CA191EE61DC01D7A0
APIs
  • Part of subcall function 00663AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00663A97,?,?,00662E7F,?,?,?,00000000), ref: 00663AC2
• _wcslen.LIBCMT ref: 006D587B
• CoInitialize.OLE32(00000000), ref: 006D5995
• CoCreateInstance.OLE32(006FFCF8,00000000,00000001,006FFB68,?), ref: 006D59AE
• CoUninitialize.OLE32 ref: 006D59CC
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
• String ID: .lnk
• API String ID: 3172280962-24824748
• Opcode ID: 9f4c929b9d87376ca5da2734c89ac57538e1a9ddbb7e6e2da8c9a633ee6de9bc
• Instruction ID: 35906c8b6a88b7a81db077ba155b9503b59bfab35248c701b2479d7870cffe09
• Opcode Fuzzy Hash: 9f4c929b9d87376ca5da2734c89ac57538e1a9ddbb7e6e2da8c9a633ee6de9bc
• Instruction Fuzzy Hash: 49D14471A047019FC714DF24C49096ABBE6FF89724F14895EF88A9B361DB31EC45CB92
APIs
  • Part of subcall function 006C0FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 006C0FCA
  • Part of subcall function 006C0FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 006C0FD6
  • Part of subcall function 006C0FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 006C0FE5
  • Part of subcall function 006C0FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 006C0FEC
  • Part of subcall function 006C0FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 006C1002
• GetLengthSid.ADVAPI32(?,00000000,006C1335), ref: 006C17AE
• GetProcessHeap.KERNEL32(00000008,00000000), ref: 006C17BA
• HeapAlloc.KERNEL32(00000000), ref: 006C17C1
• CopySid.ADVAPI32(00000000,00000000,?), ref: 006C17DA
• GetProcessHeap.KERNEL32(00000000,00000000,006C1335), ref: 006C17EE
• HeapFree.KERNEL32(00000000), ref: 006C17F5
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
• String ID:
• API String ID: 3008561057-0
• Opcode ID: 92d33fa9ea34ccc45817f735ebd2991c7bfae4c03255485be54c6797a59fd802
• Instruction ID: 702614b57b2227070154f5c18c942e4c63f30c1f0e6dbe0c1ba560c148731ff5
• Opcode Fuzzy Hash: 92d33fa9ea34ccc45817f735ebd2991c7bfae4c03255485be54c6797a59fd802
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 22115931500209EFDB109BA4CD49FFE7BAAEF46365F10441CE4819B211D736AA55DBA0
APIs
• GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 006C14FF
• OpenProcessToken.ADVAPI32(00000000), ref: 006C1506
• CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 006C1515
• CloseHandle.KERNEL32(00000004), ref: 006C1520
• CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 006C154F
• DestroyEnvironmentBlock.USERENV(00000000), ref: 006C1563
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
• String ID:
• API String ID: 1413079979-0
• Opcode ID: ed6e1d9f514ea5fb50d680fe587ffd171d63df5222974dc2cceef6a8cf5bee63
• Instruction ID: a94d064ad6e07af22886508517f792a3b59d3deb777d5c2b7c0c295c876cfd17
• Opcode Fuzzy Hash: ed6e1d9f514ea5fb50d680fe587ffd171d63df5222974dc2cceef6a8cf5bee63
• Instruction Fuzzy Hash: F3116D7250020DABDF11CF94DE49FEE7BAAEF4A754F044018FA05A6160C372CE65EB60
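The entry above is the function behind the report's "launch a process as a different user" signature: the sample opens its own token, builds an environment block for the target user, calls CreateProcessWithLogonW with explicit credentials, and frees the block. The following is an added example, not Joe Sandbox code, showing how to parse an "APIs" block in this report format and check it for that ordered chain so the signature can be re-derived (or extended) from the disassembly listing. The API names and reference addresses in RUNAS_SAMPLE and CRT_SAMPLE are copied from the entries on this page; the regex, the ApiCall record, RUNAS_CHAIN and the helper functions are my own and assume the bullet layout shown here.

```python
"""Parse the "APIs" block of a Joe Sandbox function entry and check it for the
ordered API chain behind the "launch a process as a different user" signature.
Added example, not Joe Sandbox code; the format handling is my own reading of
the bullets shown in this report."""
import re
from dataclasses import dataclass
from typing import List, Optional

# One bullet of the "APIs" block, for example:
#   • OpenProcessToken.ADVAPI32(00000000), ref: 006C1506
#   • _free.LIBCMT ref: 00692DAB                              (no argument list)
#   • Part of subcall function 00679639: BeginPath.GDI32(?), ref: 006796B9
API_LINE = re.compile(
    r"""^\s*•\s*
        (?:Part\s+of\s+subcall\s+function\s+(?P<sub>[0-9A-Fa-f]+):\s*)?
        (?P<name>[A-Za-z_]\w*)\.(?P<module>[A-Za-z0-9_]+)
        (?:\((?P<args>[^)]*)\))?
        \s*,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$""",
    re.VERBOSE,
)


@dataclass
class ApiCall:
    name: str
    module: str
    args: List[str]
    ref: int                  # call-site address given after "ref:"
    subcall: Optional[int]    # callee address when the bullet is a subcall line


def parse_api_block(text: str) -> List[ApiCall]:
    """Return the calls of one block in report order; lines that are not API
    bullets (headers, hashes, dump sources) are skipped."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue
        raw = m.group("args")
        args = [a.strip() for a in raw.split(",")] if raw else []
        sub = int(m.group("sub"), 16) if m.group("sub") else None
        calls.append(ApiCall(m.group("name"), m.group("module"), args,
                             int(m.group("ref"), 16), sub))
    return calls


# The chain the report summarises as "launch a process as a different user":
# open own token -> build the target user's environment -> spawn with explicit
# credentials -> free the environment block.  Order matters, gaps are allowed.
RUNAS_CHAIN = ["OpenProcessToken", "CreateEnvironmentBlock",
               "CreateProcessWithLogonW", "DestroyEnvironmentBlock"]


def contains_chain(calls: List[ApiCall], chain: List[str]) -> bool:
    """True if `chain` occurs as an ordered subsequence of the function's own
    calls.  Subcall bullets belong to another function and are ignored, so a
    chain split across callees does not produce a false positive here."""
    own = sorted((c for c in calls if c.subcall is None), key=lambda c: c.ref)
    i = 0
    for c in own:
        if i < len(chain) and c.name == chain[i]:
            i += 1
    return i == len(chain)


def first_ref(calls: List[ApiCall], name: str) -> Optional[int]:
    """Call-site address of the first call named `name`, for a triage note."""
    for c in sorted(calls, key=lambda c: c.ref):
        if c.name == name:
            return c.ref
    return None


# Copied from the entry above (function with its first call at 006C14FF).
RUNAS_SAMPLE = """\
• GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 006C14FF
• OpenProcessToken.ADVAPI32(00000000), ref: 006C1506
• CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 006C1515
• CloseHandle.KERNEL32(00000004), ref: 006C1520
• CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 006C154F
• DestroyEnvironmentBlock.USERENV(00000000), ref: 006C1563
"""

# Negative case taken from the CRT error-handling entry that follows on the page.
CRT_SAMPLE = """\
• GetLastError.KERNEL32(?,?,00683379,00682FE5), ref: 00683390
• ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0068339E
• SetLastError.KERNEL32(00000000,?,00683379,00682FE5), ref: 00683409
"""

if __name__ == "__main__":
    for label, text in (("006C14FF", RUNAS_SAMPLE), ("00683390", CRT_SAMPLE)):
        calls = parse_api_block(text)
        hit = contains_chain(calls, RUNAS_CHAIN)
        where = first_ref(calls, "CreateProcessWithLogonW")
        print(label, len(calls), "calls; runas chain:", hit,
              "" if where is None else f"(CreateProcessWithLogonW at {where:#010x})")
```

The chain is matched as an ordered subsequence rather than a contiguous run because the listing only shows imported calls, and compilers interleave them with inline code; requiring exact adjacency would miss the very entry above (CloseHandle sits between CreateEnvironmentBlock and CreateProcessWithLogonW). On its own this sequence is also what a legitimate RunAs-style helper looks like, so treat a hit as one signal to combine with the report's other signatures, not as proof of intent.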
APIs
• GetLastError.KERNEL32(?,?,00683379,00682FE5), ref: 00683390
• ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0068339E
• ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 006833B7
• SetLastError.KERNEL32(00000000,?,00683379,00682FE5), ref: 00683409
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: ErrorLastValue___vcrt_
• String ID:
• API String ID: 3852720340-0
• Opcode ID: 08aaf63c73f61d3a6e1ae1797078db90aa84274f61611a0a56a8e7a2df95a400
• Instruction ID: 4334ccbe2ff3c6d2a27abfbe8a823fea8b2a159cf2ef7d45d1253f13fd4a5878
• Opcode Fuzzy Hash: 08aaf63c73f61d3a6e1ae1797078db90aa84274f61611a0a56a8e7a2df95a400
• Instruction Fuzzy Hash: AD01B533609331BFAB7537786C859AA2A96EB25B75720432DF410853F1EF154D025788
APIs
• GetLastError.KERNEL32(?,?,00695686,006A3CD6,?,00000000,?,00695B6A,?,?,?,?,?,0068E6D1,?,00728A48), ref: 00692D78
• _free.LIBCMT ref: 00692DAB
• _free.LIBCMT ref: 00692DD3
• SetLastError.KERNEL32(00000000,?,?,?,?,0068E6D1,?,00728A48,00000010,00664F4A,?,?,00000000,006A3CD6), ref: 00692DE0
• SetLastError.KERNEL32(00000000,?,?,?,?,0068E6D1,?,00728A48,00000010,00664F4A,?,?,00000000,006A3CD6), ref: 00692DEC
• _abort.LIBCMT ref: 00692DF2
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: ErrorLast$_free$_abort
• String ID:
• API String ID: 3160817290-0
• Opcode ID: 93c0ffcfff3c1b1afcaf740cd484d85c4fef1ffd710e8bc01592693eee1d4f27
• Instruction ID: 0bf6891f7be22e75d1ad8a19b545897f6424dfeb07df8ea615a22d0b00d5df2e
• Opcode Fuzzy Hash: 93c0ffcfff3c1b1afcaf740cd484d85c4fef1ffd710e8bc01592693eee1d4f27
• Instruction Fuzzy Hash: 17F0283250460277CF626334BC36E6F255FAFC17B0F20401DF824D2ED2EE24880651A4
APIs
  • Part of subcall function 00679639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00679693
  • Part of subcall function 00679639: SelectObject.GDI32(?,00000000), ref: 006796A2
  • Part of subcall function 00679639: BeginPath.GDI32(?), ref: 006796B9
  • Part of subcall function 00679639: SelectObject.GDI32(?,00000000), ref: 006796E2
• MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 006F8A4E
                                                                                                                                                                                                                                                                                                                                                            • LineTo.GDI32(?,00000003,00000000), ref: 006F8A62
                                                                                                                                                                                                                                                                                                                                                            • MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 006F8A70
                                                                                                                                                                                                                                                                                                                                                            • LineTo.GDI32(?,00000000,00000003), ref: 006F8A80
                                                                                                                                                                                                                                                                                                                                                            • EndPath.GDI32(?), ref: 006F8A90
                                                                                                                                                                                                                                                                                                                                                            • StrokePath.GDI32(?), ref: 006F8AA0
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 43455801-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 63a6ec85ee43f7e4b559baf06059c95193c135811e68a0eff4a8bc44d28974ae
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 0f770a31647b35152080ad033d291129deb28c377ca77c3b1e36c16a37a5f79a
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 63a6ec85ee43f7e4b559baf06059c95193c135811e68a0eff4a8bc44d28974ae
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1B110C7600014DFFEB119F90DC48EAA7F6DEB04364F008052BA1996161C7729D55DB60
APIs
  • GetDC.USER32(00000000), ref: 006C5218
  • GetDeviceCaps.GDI32(00000000,00000058), ref: 006C5229
  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 006C5230
  • ReleaseDC.USER32(00000000,00000000), ref: 006C5238
  • MulDiv.KERNEL32(000009EC,?,00000000), ref: 006C524F
  • MulDiv.KERNEL32(000009EC,00000001,?), ref: 006C5261
Memory Dump Source
  • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
  • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
  • API ID: CapsDevice$Release
  • String ID:
  • API String ID: 1035833867-0
  • Opcode ID: 097f2cda054803bef38ff852ff838eeff8c21462c21dc17e33c917c5b39e3ff0
  • Instruction ID: e3a7fba895dffde2b661773598a2305132ae3ef26d84159e2809c9279542067a
  • Opcode Fuzzy Hash: 097f2cda054803bef38ff852ff838eeff8c21462c21dc17e33c917c5b39e3ff0
  • Instruction Fuzzy Hash: 11018475A04708BBEB109BA59D49F6EBFB9EB44361F044065FA05E7380DA709900CB60
APIs
  • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00661BF4
  • MapVirtualKeyW.USER32(00000010,00000000), ref: 00661BFC
  • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00661C07
  • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00661C12
  • MapVirtualKeyW.USER32(00000011,00000000), ref: 00661C1A
  • MapVirtualKeyW.USER32(00000012,00000000), ref: 00661C22
Memory Dump Source
  • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
  • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
  • API ID: Virtual
  • String ID:
  • API String ID: 4278518827-0
  • Opcode ID: 2ae9f83fbf093dfe0343a59c2dc6071ecc71f44498094d9a131853c7f9876228
  • Instruction ID: b4081a0fd309a50a30a59c8250489170e6133683d2d63b5769ac73df6852effe
  • Opcode Fuzzy Hash: 2ae9f83fbf093dfe0343a59c2dc6071ecc71f44498094d9a131853c7f9876228
  • Instruction Fuzzy Hash: F4016CB09027597DE3008F5A8C85B52FFA8FF19354F00411B915C47941C7F5A864CBE5
APIs
  • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 006CEB30
  • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 006CEB46
  • GetWindowThreadProcessId.USER32(?,?), ref: 006CEB55
  • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 006CEB64
  • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 006CEB6E
  • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 006CEB75
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 839392675-0
APIs
• GetClientRect.USER32(?), ref: 006B7452
• SendMessageW.USER32(?,00001328,00000000,?), ref: 006B7469
• GetWindowDC.USER32(?), ref: 006B7475
• GetPixel.GDI32(00000000,?,?), ref: 006B7484
• ReleaseDC.USER32(?,00000000), ref: 006B7496
• GetSysColor.USER32(00000005), ref: 006B74B0
Similarity
• API ID: ClientColorMessagePixelRectReleaseSendWindow
• String ID:
• API String ID: 272304278-0
APIs
• WaitForSingleObject.KERNEL32(?,000000FF), ref: 006C187F
• UnloadUserProfile.USERENV(?,?), ref: 006C188B
• CloseHandle.KERNEL32(?), ref: 006C1894
• CloseHandle.KERNEL32(?), ref: 006C189C
• GetProcessHeap.KERNEL32(00000000,?), ref: 006C18A5
• HeapFree.KERNEL32(00000000), ref: 006C18AC
Similarity
• API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
• String ID:
• API String ID: 146765662-0
APIs
• __Init_thread_footer.LIBCMT ref: 0066BEB3
Strings
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                                                                                            • String ID: D%s$D%s$D%s$D%sD%s
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1385522511-2682592477
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: b1589c63d0b4f11b73faafa1d709ddc4eb009620c919eb7b98a187185417a607
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 7b14ba81f19be18ade62e240816429c707eed32122a08de2dd63deedffe367a3
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b1589c63d0b4f11b73faafa1d709ddc4eb009620c919eb7b98a187185417a607
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5F913A75A0021ADFCB18CF59C0906AABBF2FF58314F249169D945EB351E731EE82CB90
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00680242: EnterCriticalSection.KERNEL32(0073070C,00731884,?,?,0067198B,00732518,?,?,?,006612F9,00000000), ref: 0068024D
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00680242: LeaveCriticalSection.KERNEL32(0073070C,?,0067198B,00732518,?,?,?,006612F9,00000000), ref: 0068028A
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00669CB3: _wcslen.LIBCMT ref: 00669CBD
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006800A3: __onexit.LIBCMT ref: 006800A9
                                                                                                                                                                                                                                                                                                                                                            • __Init_thread_footer.LIBCMT ref: 006E7BFB
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006801F8: EnterCriticalSection.KERNEL32(0073070C,?,?,00678747,00732514), ref: 00680202
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006801F8: LeaveCriticalSection.KERNEL32(0073070C,?,00678747,00732514), ref: 00680235
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: +Tk$5$G$Variable must be of type 'Object'.
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 535116098-3356992489
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 05bf611fc8fae255a3ee61a98a5ec7df1c3ac883aa16c8d19618fd96756e5297
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 0a748457d1797dd4ab97e87b7e5d1a8d34bb54968a4f8d225a84df9d8706fae8
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 05bf611fc8fae255a3ee61a98a5ec7df1c3ac883aa16c8d19618fd96756e5297
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5D919970A05249EFCB14EF96D9919ADB7B7EF48300F20805DF806AB392DB71AE41CB55
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00667620: _wcslen.LIBCMT ref: 00667625
                                                                                                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 006CC6EE
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 006CC735
                                                                                                                                                                                                                                                                                                                                                            • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 006CC79C
                                                                                                                                                                                                                                                                                                                                                            • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 006CC7CA
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ItemMenu$Info_wcslen$Default
                                                                                                                                                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1227352736-4108050209
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 63a7881a92d094e8b09fb44e3f8169c6d06dac8954e0441e5f307cfa9b51ea03
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 6f7efd73b1b2b47e93e30a183fcf5f1a74b8e612d58ffbbcae999ab76b916eba
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 63a7881a92d094e8b09fb44e3f8169c6d06dac8954e0441e5f307cfa9b51ea03
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CB51DE716043009BD7509F28C985FBBB7EAEF49320F040A2DF999E32A1DB74D804CB66
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • ShellExecuteExW.SHELL32(0000003C), ref: 006EAEA3
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00667620: _wcslen.LIBCMT ref: 00667625
                                                                                                                                                                                                                                                                                                                                                            • GetProcessId.KERNEL32(00000000), ref: 006EAF38
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 006EAF67
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: CloseExecuteHandleProcessShell_wcslen
• String ID: <$@
• API String ID: 146682121-1426351568
• Opcode ID: 22347eee82f5ec7cf18086ce17b961967813fe08288ee7043b83bb7b04460b04
• Instruction ID: 7396a3e04b6252fa054e9d0c5c112e384d0c08c089004013959385862b16db45
• Opcode Fuzzy Hash: 22347eee82f5ec7cf18086ce17b961967813fe08288ee7043b83bb7b04460b04
• Instruction Fuzzy Hash: BD718770A00659DFCB14DFA5C484A9EBBF2BF08314F04849DE856AB3A2CB70ED45CB95
APIs
• CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 006C7206
• SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 006C723C
• GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 006C724D
• SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 006C72CF
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: ErrorMode$AddressCreateInstanceProc
• String ID: DllGetClassObject
• API String ID: 753597075-1075368562
• Opcode ID: 6c09e11bf0970c67a22ca1c62958eda5ed23dd17148d078278857a46996b70ae
• Instruction ID: dea6399b02b0358e4d761201d5ce7335b1014b6b547a3f5be8d7545ae05d816d
• Opcode Fuzzy Hash: 6c09e11bf0970c67a22ca1c62958eda5ed23dd17148d078278857a46996b70ae
• Instruction Fuzzy Hash: 3C413BB1A04204AFDB15CF54C884FAA7BAAEF54310F2480ADFD059F20AD7B5DA45CFA0
APIs
• SendMessageW.USER32(00000000,00000467,00000000,?), ref: 006F2F8D
• LoadLibraryW.KERNEL32(?), ref: 006F2F94
• SendMessageW.USER32(?,00000467,00000000,00000000), ref: 006F2FA9
• DestroyWindow.USER32(?), ref: 006F2FB1
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: MessageSend$DestroyLibraryLoadWindow
• String ID: SysAnimate32
• API String ID: 3529120543-1011021900
• Opcode ID: 2ac664f9f686add7b494eb861eec2264e4732f25d39a26d6f20c488a9250ebe9
• Instruction ID: 2f55b940da8b1f85bc2caed171f18faf900ff09ce7f084daa4d3df1bda7cb9a2
• Opcode Fuzzy Hash: 2ac664f9f686add7b494eb861eec2264e4732f25d39a26d6f20c488a9250ebe9
• Instruction Fuzzy Hash: 8121CD7126520EABEB104FA4DCA0EFB37BEEB59774F104628FA50D22A0D771DC519B60
APIs
• GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00684D1E,006928E9,?,00684CBE,006928E9,007288B8,0000000C,00684E15,006928E9,00000002), ref: 00684D8D
• GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00684DA0
• FreeLibrary.KERNEL32(00000000,?,?,?,00684D1E,006928E9,?,00684CBE,006928E9,007288B8,0000000C,00684E15,006928E9,00000002,00000000), ref: 00684DC3
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: AddressFreeHandleLibraryModuleProc
• String ID: CorExitProcess$mscoree.dll
• API String ID: 4061214504-1276376045
• Opcode ID: 324e2e65954f1a3f5a78a9d493368e8a75b1f74e59f6dcf8cb7f2a11d4b7b647
• Instruction ID: 1d564d7b26385aad9a32a5cbc888d162cb9b6e39391962c48a991b924ba6169b
• Opcode Fuzzy Hash: 324e2e65954f1a3f5a78a9d493368e8a75b1f74e59f6dcf8cb7f2a11d4b7b647
• Instruction Fuzzy Hash: 15F03C35A40209ABDB11AB90DD49BEDBBB6EF44761F0002A8A805A26A0DF745954CB95
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,?,?,00664EDD,?,00731418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00664E9C
• GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00664EAE
• FreeLibrary.KERNEL32(00000000,?,?,00664EDD,?,00731418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00664EC0
Strings
Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: Library$AddressFreeLoadProc
• String ID: Wow64DisableWow64FsRedirection$kernel32.dll
• API String ID: 145871493-3689287502
• Opcode ID: 278fadac5212917d026bf08a2f858230d586c0113f5027cb3c72194fc10239de
• Instruction ID: 3d1228a2f31e8a266ade925a07d2a3111fba3e589e1aa8e9f144cf0e38a31331
• Opcode Fuzzy Hash: 278fadac5212917d026bf08a2f858230d586c0113f5027cb3c72194fc10239de
• Instruction Fuzzy Hash: CCE08C36A026265BD3225B25AD18ABB6A6AAF81B72B051115FD04E2204DF64CD1580A0
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,?,?,006A3CDE,?,00731418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00664E62
• GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00664E74
• FreeLibrary.KERNEL32(00000000,?,?,006A3CDE,?,00731418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00664E87
Strings
Similarity
• API ID: Library$AddressFreeLoadProc
• String ID: Wow64RevertWow64FsRedirection$kernel32.dll
• API String ID: 145871493-1355242751
• Opcode ID: 04fbc64e68c4d9d0ddcf6fcf1dcbf50a8032260eae97a07be306860a93cee637
• Instruction ID: 07c9fb94ec6c9e344cd9a01c61f14e885749936ec19de283444e81c002aa3695
• Opcode Fuzzy Hash: 04fbc64e68c4d9d0ddcf6fcf1dcbf50a8032260eae97a07be306860a93cee637
• Instruction Fuzzy Hash: BAD05B395026367BD7325B257D1CDEF6A1BAF85F713050515F905E2214CF65CE11C5D0
APIs
• DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 006D2C05
• DeleteFileW.KERNEL32(?), ref: 006D2C87
• CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 006D2C9D
• DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 006D2CAE
• DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 006D2CC0
Similarity
• API ID: File$Delete$Copy
• String ID:
• API String ID: 3226157194-0
• Opcode ID: 75888134224d1e0d548f84118ebf3ff6e3dc3d612baf68945a22a3f6d48a3c6e
• Instruction ID: 240065f31bfe0405e86e09ab40b1510d8d6ee496796b1002fab84659aa1927f0
• Opcode Fuzzy Hash: 75888134224d1e0d548f84118ebf3ff6e3dc3d612baf68945a22a3f6d48a3c6e
• Instruction Fuzzy Hash: B7B16F71D00119ABDF61EBA4CC95EDEB77EEF58310F1040AAF609E7241EA319E448F65
APIs
• GetCurrentProcessId.KERNEL32 ref: 006EA427
• OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 006EA435
• GetProcessIoCounters.KERNEL32(00000000,?), ref: 006EA468
• CloseHandle.KERNEL32(?), ref: 006EA63D
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Process$CloseCountersCurrentHandleOpen
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3488606520-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: c940b7e82ba4e584823550a366d8c5e49860734340ecced4f942400c1f79ac63
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 914747168f03359bd3773e8e17f345f8746cc5ec3da40b1b10daab6e73b7beb0
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c940b7e82ba4e584823550a366d8c5e49860734340ecced4f942400c1f79ac63
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 07A1AD716043009FE720DF25C886B2AB7E6AF84714F14885DF59ADB392DBB0EC41CB96
APIs
• GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00703700), ref: 0069BB91
• WideCharToMultiByte.KERNEL32(00000000,00000000,0073121C,000000FF,00000000,0000003F,00000000,?,?), ref: 0069BC09
• WideCharToMultiByte.KERNEL32(00000000,00000000,00731270,000000FF,?,0000003F,00000000,?), ref: 0069BC36
• _free.LIBCMT ref: 0069BB7F
  • Part of subcall function 006929C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0069D7D1,00000000,00000000,00000000,00000000,?,0069D7F8,00000000,00000007,00000000,?,0069DBF5,00000000), ref: 006929DE
  • Part of subcall function 006929C8: GetLastError.KERNEL32(00000000,?,0069D7D1,00000000,00000000,00000000,00000000,?,0069D7F8,00000000,00000007,00000000,?,0069DBF5,00000000,00000000), ref: 006929F0
• _free.LIBCMT ref: 0069BD4B
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
• String ID:
• API String ID: 1286116820-0
• Opcode ID: c2c3b82414e8c565f0bc3213bd259a2f1ada1932fd1da12d16ecb3ed62f6612a
• Instruction ID: 371d9630707ab4073b180ade2d0959fa41a08873fd3990ad25abde34719e33d7
• Opcode Fuzzy Hash: c2c3b82414e8c565f0bc3213bd259a2f1ada1932fd1da12d16ecb3ed62f6612a
• Instruction Fuzzy Hash: 7851E671900209EFDF10EF65AE819BEB7BEFF40320B50526EE454D7691EB709E418B98
APIs
  • Part of subcall function 006CDDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,006CCF22,?), ref: 006CDDFD
  • Part of subcall function 006CDDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,006CCF22,?), ref: 006CDE16
  • Part of subcall function 006CE199: GetFileAttributesW.KERNEL32(?,006CCF95), ref: 006CE19A
• lstrcmpiW.KERNEL32(?,?), ref: 006CE473
• MoveFileW.KERNEL32(?,?), ref: 006CE4AC
• _wcslen.LIBCMT ref: 006CE5EB
• _wcslen.LIBCMT ref: 006CE603
• SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 006CE650
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
• String ID:
• API String ID: 3183298772-0
• Opcode ID: f3ff40d941e20dd19342220e363575ee492a5f6dbd30563d44d1b4c1ba3119b6
• Instruction ID: 4d1dce47f1663729e1046bad336b3e4a21ad43ba69120b0d6189cf373a9828fe
• Opcode Fuzzy Hash: f3ff40d941e20dd19342220e363575ee492a5f6dbd30563d44d1b4c1ba3119b6
• Instruction Fuzzy Hash: A95184B24087455BC764EB90C881EEF73EEEF85340F00491EF589D3191EF75A688876A
APIs
  • Part of subcall function 00669CB3: _wcslen.LIBCMT ref: 00669CBD
  • Part of subcall function 006EC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,006EB6AE,?,?), ref: 006EC9B5
  • Part of subcall function 006EC998: _wcslen.LIBCMT ref: 006EC9F1
  • Part of subcall function 006EC998: _wcslen.LIBCMT ref: 006ECA68
  • Part of subcall function 006EC998: _wcslen.LIBCMT ref: 006ECA9E
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 006EBAA5
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 006EBB00
• RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 006EBB63
• RegCloseKey.ADVAPI32(?,?), ref: 006EBBA6
• RegCloseKey.ADVAPI32(00000000), ref: 006EBBB3
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 826366716-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 02ce8c1ce8d87cb3a86f7eb42852d09c1457a4aa44413d74abb37c99ad3fb076
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 78d3ba18282b0f8c28a61d342013cc7712fb66cca05abb905ca9bb5f15ef05f3
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 02ce8c1ce8d87cb3a86f7eb42852d09c1457a4aa44413d74abb37c99ad3fb076
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A8615C31209341AFD714DF15C490E6ABBE6FF84318F14996CF4998B2A2DB31ED46CB92
APIs
• VariantInit.OLEAUT32(?), ref: 006C8BCD
• VariantClear.OLEAUT32 ref: 006C8C3E
• VariantClear.OLEAUT32 ref: 006C8C9D
• VariantClear.OLEAUT32(?), ref: 006C8D10
• VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 006C8D3B
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: Variant$Clear$ChangeInitType
• String ID:
• API String ID: 4136290138-0
• Opcode ID: 204c01c20dd70fc70b42b417a29f764856348895617c8b2deb4cc5221693d444
• Instruction ID: 649ca378d83770b29b46a015e31ffeebcfd8022a2b2206ab865511c2ba5c6585
• Opcode Fuzzy Hash: 204c01c20dd70fc70b42b417a29f764856348895617c8b2deb4cc5221693d444
• Instruction Fuzzy Hash: 995159B5A00619EFCB14CF68D894EAAB7F9FF89310B158559E906DB350E730E911CB90
APIs
• GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 006D8BAE
• GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 006D8BDA
• WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 006D8C32
• WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 006D8C57
• WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 006D8C5F
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: PrivateProfile$SectionWrite$String
• String ID:
• API String ID: 2832842796-0
• Opcode ID: c8186da486adfbe233771c83817ada32b4dfbb90bca83b6e166d31d503878628
• Instruction ID: 049a260cc9e8f8c252731f5fb8631f3b13fb3decd6277b785c4549895b07c50b
• Opcode Fuzzy Hash: c8186da486adfbe233771c83817ada32b4dfbb90bca83b6e166d31d503878628
• Instruction Fuzzy Hash: 5B515D35A00214DFCB04DF64C885EA9BBF6FF48314F088499E84AAB362DB31ED51CB94
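Each function's Similarity block carries an "API ID" derived from the API names in its call list, which is what lets one function body be matched against the same code in another sample. The Python below is an added example, not Joe Sandbox's own code: it parses call lines in the format used on this page and reconstructs that ID. The grouping rule it implements (CamelCase split, drop the single-letter A/W suffix and the tokens Get, Reg, Key and To, count words across all calls including "Part of subcall" lines, emit groups in descending count with words sorted alphabetically, join with "$") is inferred from the three complete function listings on this page and is an assumption, not a documented Joe Sandbox algorithm. It also flags the LoadLibrary-then-GetProcAddress chain, which is the standard way code resolves imports at runtime instead of through the import table. The sample listings are copied from this report.

```python
"""Reconstruct Joe Sandbox-style "API ID" strings from per-function API call
listings, and flag runtime API resolution chains.

Added example; the ID rule is inferred from this page, not documented by
Joe Sandbox (assumption).
"""
import re
from collections import Counter

# Assumed stop-list: tokens present in the API names but absent from the
# page's API IDs (e.g. "Get" from GetProcAddress, "To" from WideCharToMultiByte).
STOP_WORDS = {"Get", "Reg", "Key", "To"}

# One call line: "<Api>.<MODULE>(<args>), ref: <hex>" or "<Api>.<MODULE> ref: <hex>".
# Requiring " ref:" keeps the .sdmp / .jbxd file names from matching.
CALL_RE = re.compile(
    r"(?P<api>[A-Za-z_]\w*)\.(?P<module>\w+)(?:\([^)]*\))?,? ref: [0-9A-Fa-f]+"
)


def parse_calls(listing: str) -> list[tuple[str, str]]:
    """Return (api, module) pairs in listing order; sub-call lines count too."""
    return [(m.group("api"), m.group("module")) for m in CALL_RE.finditer(listing)]


def split_words(api: str) -> list[str]:
    """Tokenize an API name: CamelCase words, or the whole name when it is
    not CamelCase (e.g. _wcslen). Drops single-letter A/W suffixes and stop words."""
    if not api[0].isupper():
        return [api]
    words = re.findall(r"[A-Z][a-z0-9]*", api)
    return [w for w in words if len(w) > 1 and w not in STOP_WORDS]


def api_id(listing: str) -> str:
    """Build the '$'-joined API ID: groups by descending word count,
    alphabetical inside each group."""
    counts: Counter[str] = Counter()
    for api, _module in parse_calls(listing):
        counts.update(split_words(api))
    groups: dict[int, list[str]] = {}
    for word, n in counts.items():
        groups.setdefault(n, []).append(word)
    return "$".join("".join(sorted(groups[n])) for n in sorted(groups, reverse=True))


def resolves_apis_dynamically(listing: str) -> bool:
    """True when a LoadLibrary* call is followed by GetProcAddress in the same
    function: imports resolved at runtime rather than via the import table."""
    apis = [api for api, _ in parse_calls(listing)]
    return any(
        api.startswith("LoadLibrary") and "GetProcAddress" in apis[i + 1:]
        for i, api in enumerate(apis)
    )


# Constructed sample input: call lines copied from this report's listings.
VARIANT_FUNC = """\
• VariantInit.OLEAUT32(?), ref: 006C8BCD
• VariantClear.OLEAUT32 ref: 006C8C3E
• VariantClear.OLEAUT32 ref: 006C8C9D
• VariantClear.OLEAUT32(?), ref: 006C8D10
• VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 006C8D3B
"""

PROFILE_FUNC = """\
• GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 006D8BAE
• GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 006D8BDA
• WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 006D8C32
• WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 006D8C57
• WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 006D8C5F
"""

LOADLIB_FUNC = """\
• LoadLibraryW.KERNEL32(?,00000000,?), ref: 006E8F40
• GetProcAddress.KERNEL32(00000000,?), ref: 006E8FD0
• GetProcAddress.KERNEL32(00000000,00000000), ref: 006E8FEC
• GetProcAddress.KERNEL32(00000000,?), ref: 006E9032
• FreeLibrary.KERNEL32(00000000), ref: 006E9052
  • Part of subcall function 0067F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,006D1043,?,7529E610), ref: 0067F6E6
  • Part of subcall function 0067F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,006BFA64,00000000,00000000,?,?,006D1043,?,7529E610,?,006BFA64), ref: 0067F70D
"""

if __name__ == "__main__":
    for name, listing in [("variant", VARIANT_FUNC), ("profile", PROFILE_FUNC), ("loadlib", LOADLIB_FUNC)]:
        print(f"{name:8s} API ID = {api_id(listing)}  dynamic-resolution = {resolves_apis_dynamically(listing)}")
```

The ID is deliberately order-insensitive (only word counts matter), so two builds that reorder the same calls still collide on it, while any change to the set of APIs called changes it. When triaging a report, the chain flagged by `resolves_apis_dynamically` is worth pairing with the strings passed to GetProcAddress, since those name the imports the binary is hiding from static import-table inspection.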
APIs
• LoadLibraryW.KERNEL32(?,00000000,?), ref: 006E8F40
• GetProcAddress.KERNEL32(00000000,?), ref: 006E8FD0
• GetProcAddress.KERNEL32(00000000,00000000), ref: 006E8FEC
• GetProcAddress.KERNEL32(00000000,?), ref: 006E9032
• FreeLibrary.KERNEL32(00000000), ref: 006E9052
  • Part of subcall function 0067F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,006D1043,?,7529E610), ref: 0067F6E6
  • Part of subcall function 0067F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,006BFA64,00000000,00000000,?,?,006D1043,?,7529E610,?,006BFA64), ref: 0067F70D
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
• String ID:
• API String ID: 666041331-0
• Opcode ID: e73be0bae4976623d468cbf4663b52ddab94435cc9c482cd2a0a1d0faf2606cd
• Instruction ID: 0ff216f613f76f7516f0088beaf058dbdb8f639d8657069ad5c8bdb75f74f852
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e73be0bae4976623d468cbf4663b52ddab94435cc9c482cd2a0a1d0faf2606cd
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 81514A35601245DFCB15DF59C4948EDBBF2FF49324B0480A9E80AAB362DB31ED86CB90
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(00000002,000000F0,?), ref: 006F6C33
                                                                                                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(?,000000EC,?), ref: 006F6C4A
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 006F6C73
                                                                                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,006DAB79,00000000,00000000), ref: 006F6C98
                                                                                                                                                                                                                                                                                                                                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 006F6CC7
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$Long$MessageSendShow
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3688381893-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 58130b69b01e3b8b7efc0dd43ae0ab014ea970e9338d83f189411c4cb5483dad
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 41b78ba32bc21977e83811c248bbd02bb68a5df55fe28aedc9b3319ed85f779f
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 58130b69b01e3b8b7efc0dd43ae0ab014ea970e9338d83f189411c4cb5483dad
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FD41AD35A0410CAFDB24CF68CD59FF97BA6EB09360F150268FA99E73A1C371AD51CA40
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: _free
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 269201875-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 07e7d12103b52150bd147d27670d75bcdf16cadbaa0333b9020381b32d6196ec
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: df8156e0e2517f735accb9d25d6afd47c84696bd32a64d5907dd180a285d9963
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 07e7d12103b52150bd147d27670d75bcdf16cadbaa0333b9020381b32d6196ec
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6741E432A00201AFCF20DF78C890A9DB7AAEF88314F158568E615EB751D631AD01CB80
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetCursorPos.USER32(?), ref: 00679141
                                                                                                                                                                                                                                                                                                                                                            • ScreenToClient.USER32(00000000,?), ref: 0067915E
                                                                                                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(00000001), ref: 00679183
                                                                                                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(00000002), ref: 0067919D
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: AsyncState$ClientCursorScreen
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4210589936-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 965fefad7b3019e41d71cf8ff78aaeed950a9d3d7a6599808b586beab6be0af1
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 6f7d84c0806528fa62aa0a3014b4aeb892b2a3bc1c10bf4a985b56c0745c28d5
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 965fefad7b3019e41d71cf8ff78aaeed950a9d3d7a6599808b586beab6be0af1
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A441607190850BBBDF159F68C844BFEB7B6FB45324F248219E429A7290C73459A4CF61
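A small triage helper for function records like the ones above, added here as an example; it is not part of the Joe Sandbox report or its IDA plugin. It parses the "APIs" listing into one record per function, groups the calls that appear on a watchlist, and decodes the virtual-key argument of GetAsyncKeyState so that a hit on key 1 or 2 (the mouse buttons) is not mistaken for keyboard capture. The WATCHLIST tags, the VK_NAMES entries and the SAMPLE excerpt (copied from the records on this page, with the cut-off record deliberately left without an API ID) are this example's own assumptions.

```python
"""Triage helper for Joe Sandbox function-block listings (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed excerpt: three records from the report, reduced to the lines the
# parser uses. The last record's API ID is cut off in the report, so it is absent.
SAMPLE = """\
APIs
Memory Dump Source
Similarity
• API ID: _free
APIs
• GetCursorPos.USER32(?), ref: 00679141
• ScreenToClient.USER32(00000000,?), ref: 0067915E
• GetAsyncKeyState.USER32(00000001), ref: 00679183
• GetAsyncKeyState.USER32(00000002), ref: 0067919D
Memory Dump Source
Similarity
• API ID: AsyncState$ClientCursorScreen
APIs
• GetInputState.USER32 ref: 006D38CB
• TranslateAcceleratorW.USER32(?,00000000,?), ref: 006D3922
• TranslateMessage.USER32(?), ref: 006D394B
• DispatchMessageW.USER32(?), ref: 006D3955
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 006D3966
Memory Dump Source
"""

# One "• Name.MODULE(args), ref: ADDR" line; the argument list is optional
API_RE = re.compile(r"^•\s*(\w+)\.(\w+)(?:\((.*)\))?,?\s*ref:\s*([0-9A-Fa-f]+)$")

# Virtual-key codes worth decoding when they show up as GetAsyncKeyState arguments
VK_NAMES = {0x01: "VK_LBUTTON", 0x02: "VK_RBUTTON", 0x04: "VK_MBUTTON",
            0x10: "VK_SHIFT", 0x11: "VK_CONTROL", 0x12: "VK_MENU"}

# Hypothetical watchlist (assumption): API name -> behaviour it is evidence of
WATCHLIST = {
    "GetAsyncKeyState": "input polling",
    "GetKeyState": "input polling",
    "GetCursorPos": "cursor tracking",
    "PeekMessageW": "message pump",
    "DispatchMessageW": "message pump",
}

@dataclass
class Call:
    name: str
    module: str
    args: list[str]
    ref: str

@dataclass
class FuncRecord:
    api_id: str | None = None
    calls: list[Call] = field(default_factory=list)

@dataclass
class Finding:
    record: int
    api_id: str | None
    tag: str
    detail: list[str]

def parse_records(text: str) -> list[FuncRecord]:
    """Split the listing into function records, one per 'APIs' heading."""
    records: list[FuncRecord] = []
    cur: FuncRecord | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            cur = FuncRecord()
            records.append(cur)
        elif cur is None:
            continue
        elif line.startswith("• API ID:"):
            cur.api_id = line.split(":", 1)[1].strip() or None
        else:
            m = API_RE.match(line)
            if m:
                name, module, args, ref = m.groups()
                cur.calls.append(Call(name, module, [a for a in (args or "").split(",") if a], ref))
    return records

def describe(call: Call) -> str:
    """Render a call, decoding the virtual-key argument where it applies."""
    if call.name in ("GetAsyncKeyState", "GetKeyState") and call.args:
        try:
            vk = int(call.args[0], 16)
        except ValueError:          # unresolved argument such as "?"
            vk = -1
        return f"{call.name}({VK_NAMES.get(vk, call.args[0])}) @ {call.ref}"
    return f"{call.name} @ {call.ref}"

def triage(records: list[FuncRecord]) -> list[Finding]:
    """Group each record's watchlisted calls by behaviour tag."""
    findings: list[Finding] = []
    for idx, rec in enumerate(records):
        by_tag: dict[str, list[str]] = {}
        for call in rec.calls:
            tag = WATCHLIST.get(call.name)
            if tag:
                by_tag.setdefault(tag, []).append(describe(call))
        for tag, detail in by_tag.items():
            findings.append(Finding(idx, rec.api_id, tag, detail))
    return findings

if __name__ == "__main__":
    for f in triage(parse_records(SAMPLE)):
        print(f"record {f.record} ({f.api_id}): {f.tag}: {', '.join(f.detail)}")
```

On this sample the input-polling finding resolves to VK_LBUTTON and VK_RBUTTON, i.e. mouse buttons, not keys. GetCursorPos followed by ScreenToClient and two button-state checks in one function is consistent with a GUI runtime's own cursor query, so in a compiled AutoIt binary a hit like this should be weighed against the interpreter's expected imports before it is read as keystroke capture by the embedded script.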
APIs
• GetInputState.USER32 ref: 006D38CB
• TranslateAcceleratorW.USER32(?,00000000,?), ref: 006D3922
• TranslateMessage.USER32(?), ref: 006D394B
• DispatchMessageW.USER32(?), ref: 006D3955
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 006D3966
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2256411358-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: a19603784f1fd3cfc0c48f86eff6f0550126ef4422f8cd522c5e0da5883267ac
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 779df7ea51b098f2f5b29f6e407140daafc215f9d5930b621b907fd655bce826
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a19603784f1fd3cfc0c48f86eff6f0550126ef4422f8cd522c5e0da5883267ac
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AA31F770D043559EFB35CB349858BF637AAAB05311F44446FE462CA3A0F3F8A685DB16
APIs
• InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,006DC21E,00000000), ref: 006DCF38
• InternetReadFile.WININET(?,00000000,?,?), ref: 006DCF6F
• GetLastError.KERNEL32(?,00000000,?,?,?,006DC21E,00000000), ref: 006DCFB4
• SetEvent.KERNEL32(?,?,00000000,?,?,?,006DC21E,00000000), ref: 006DCFC8
• SetEvent.KERNEL32(?,?,00000000,?,?,?,006DC21E,00000000), ref: 006DCFF2
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: EventInternet$AvailableDataErrorFileLastQueryRead
• String ID:
• API String ID: 3191363074-0
• Opcode ID: 73ddb741748a9294ae919f82e3f431d740d1a45e28c84f67ff684994e9b655e7
• Instruction ID: 82e559052b3e1bf0970d3fd8c4a237ac172b923c6f64a23172fb5f9921ebeaab
• Opcode Fuzzy Hash: 73ddb741748a9294ae919f82e3f431d740d1a45e28c84f67ff684994e9b655e7
• Instruction Fuzzy Hash: DD312D7190460AAFDB20DFA5C9849EABBFBEF54361B10842EF516D2351DB30AE41DB60
APIs
• GetWindowRect.USER32(?,?), ref: 006C1915
• PostMessageW.USER32(00000001,00000201,00000001), ref: 006C19C1
• Sleep.KERNEL32(00000000,?,?,?), ref: 006C19C9
• PostMessageW.USER32(00000001,00000202,00000000), ref: 006C19DA
• Sleep.KERNEL32(00000000,?,?,?,?), ref: 006C19E2
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: MessagePostSleep$RectWindow
• String ID:
• API String ID: 3382505437-0
• Opcode ID: ffeed3d7dfc8c67c04ff326ac3a556b7ac471a7e8c6e131f75f92a7b21efcfbe
• Instruction ID: d934124aa58bc90410f56458db7dcd4e5e8bcb26dfb990855b67831e6319283b
• Opcode Fuzzy Hash: ffeed3d7dfc8c67c04ff326ac3a556b7ac471a7e8c6e131f75f92a7b21efcfbe
• Instruction Fuzzy Hash: 9931AF71900219EFCB10CFA8C999BEE7BB6EB46325F104229F921AB2D1C7709954DB90
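Added example, not part of the Joe Sandbox report: a small Python decoder for the "APIs" listings in this report. It parses the bullet lines, names the window-message constants the report leaves numeric (0x201/0x202 are WM_LBUTTONDOWN/WM_LBUTTONUP; 0x1053, 0x1074 and 0x1002 are LVM_FINDITEMW, LVM_SETITEMTEXTW and LVM_GETIMAGELIST per the Windows SDK headers), and flags the PostMessageW down/up pair around ref 006C19C1 as a programmatically synthesized left click, which is what that block and the SendMessageW list-view block that follows it are doing. The embedded input lines are copied from this report; the message table, the detection rule and all function names are the example's own.

```python
"""Decode Joe Sandbox 'APIs' reference lines and flag synthesized mouse input."""
import re
from dataclasses import dataclass
from typing import Optional

# Message constants from the Windows SDK (winuser.h, commctrl.h) for the
# numeric uMsg values that appear in the report's PostMessageW/SendMessageW lines.
MESSAGE_NAMES = {
    0x0201: "WM_LBUTTONDOWN",
    0x0202: "WM_LBUTTONUP",
    0x1002: "LVM_GETIMAGELIST",  # LVM_FIRST (0x1000) + 2
    0x1053: "LVM_FINDITEMW",     # LVM_FIRST + 83
    0x1074: "LVM_SETITEMTEXTW",  # LVM_FIRST + 116
}

# One report line, with or without an argument list, e.g.
#   • PostMessageW.USER32(00000001,00000201,00000001), ref: 006C19C1
#   • GetInputState.USER32 ref: 006D38CB
API_LINE = re.compile(
    r"^\s*•\s*(?P<api>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?\s*,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)


@dataclass(frozen=True)
class ApiCall:
    api: str
    module: str
    args: tuple   # raw argument strings; '?' where the sandbox could not resolve a value
    ref: str      # call-site address inside the dumped image


def parse_api_block(text: str) -> list:
    """Parse the bullet lines of one 'APIs' block; lines that do not match are skipped."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue
        raw = m.group("args")
        args = tuple(a.strip() for a in raw.split(",")) if raw else ()
        calls.append(ApiCall(m.group("api"), m.group("module"), args, m.group("ref")))
    return calls


def message_name(arg: str) -> str:
    """Decode a hex uMsg argument; '?' and unknown values pass through unchanged/as hex."""
    if arg == "?":
        return "?"
    value = int(arg, 16)
    return MESSAGE_NAMES.get(value, f"0x{value:04X}")


def annotate(calls: list) -> list:
    """Render each call with the uMsg argument of window-message APIs decoded."""
    out = []
    for c in calls:
        if c.api in ("PostMessageW", "SendMessageW") and len(c.args) >= 2:
            shown = (c.args[0], message_name(c.args[1])) + c.args[2:]
        else:
            shown = c.args
        out.append(f"{c.ref}: {c.api}({', '.join(shown)})")
    return out


def find_synthetic_clicks(calls: list) -> list:
    """Return (down_ref, up_ref) pairs where a posted WM_LBUTTONDOWN is later followed
    by a posted WM_LBUTTONUP: a left click injected into a window's message queue
    rather than produced by the user, the pattern shown around ref 006C19C1."""
    pairs = []
    pending_down: Optional[str] = None
    for c in calls:
        if c.api != "PostMessageW" or len(c.args) < 2:
            continue
        msg = message_name(c.args[1])
        if msg == "WM_LBUTTONDOWN":
            pending_down = c.ref
        elif msg == "WM_LBUTTONUP" and pending_down is not None:
            pairs.append((pending_down, c.ref))
            pending_down = None
    return pairs


# Constructed test input: API lines copied from the two report blocks discussed above.
CLICK_BLOCK = """\
• GetWindowRect.USER32(?,?), ref: 006C1915
• PostMessageW.USER32(00000001,00000201,00000001), ref: 006C19C1
• Sleep.KERNEL32(00000000,?,?,?), ref: 006C19C9
• PostMessageW.USER32(00000001,00000202,00000000), ref: 006C19DA
• Sleep.KERNEL32(00000000,?,?,?,?), ref: 006C19E2
"""
LISTVIEW_BLOCK = """\
• SendMessageW.USER32(?,00001053,000000FF,?), ref: 006F5745
• SendMessageW.USER32(?,00001074,?,00000001), ref: 006F579D
• _wcslen.LIBCMT ref: 006F57AF
• SendMessageW.USER32(?,00001002,00000000,?), ref: 006F5816
"""

if __name__ == "__main__":
    for block in (CLICK_BLOCK, LISTVIEW_BLOCK):
        calls = parse_api_block(block)
        print("\n".join(annotate(calls)))
        print("synthetic clicks:", find_synthetic_clicks(calls))
```

The click rule deliberately keys on PostMessageW rather than SendMessageW: posting WM_LBUTTONDOWN/WM_LBUTTONUP to another window's queue is how AutoIt-style ControlClick drives a UI without the user, while the SendMessageW LVM_* traffic in the next block is ordinary list-view manipulation of the sample's own GUI and is reported but not flagged.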
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001053,000000FF,?), ref: 006F5745
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001074,?,00000001), ref: 006F579D
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 006F57AF
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 006F57BA
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001002,00000000,?), ref: 006F5816
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: MessageSend$_wcslen
• String ID:
• API String ID: 763830540-0
APIs
• IsWindow.USER32(00000000), ref: 006E0951
• GetForegroundWindow.USER32 ref: 006E0968
• GetDC.USER32(00000000), ref: 006E09A4
• GetPixel.GDI32(00000000,?,00000003), ref: 006E09B0
• ReleaseDC.USER32(00000000,00000003), ref: 006E09E8
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: Window$ForegroundPixelRelease
• String ID:
• API String ID: 4156661090-0
APIs
• GetEnvironmentStringsW.KERNEL32 ref: 0069CDC6
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0069CDE9
  • Part of subcall function 00693820: RtlAllocateHeap.NTDLL(00000000,?,00731444,?,0067FDF5,?,?,0066A976,00000010,00731440,006613FC,?,006613C6,?,00661129), ref: 00693852
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0069CE0F
• _free.LIBCMT ref: 0069CE22
• FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0069CE31
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
• String ID:
• API String ID: 336800556-0
APIs
• ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00679693
• SelectObject.GDI32(?,00000000), ref: 006796A2
• BeginPath.GDI32(?), ref: 006796B9
• SelectObject.GDI32(?,00000000), ref: 006796E2
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: ObjectSelect$BeginCreatePath
• String ID:
• API String ID: 3225163088-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: _memcmp
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2931989736-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: ddd3365850281f45bd105d3c5fa793debb22c01ba35e9c518d4789d66fe1bf6f
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: cc8212905e050f950586bcb47511610463babc44f0c3ca7bf18538d03394d2c8
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ddd3365850281f45bd105d3c5fa793debb22c01ba35e9c518d4789d66fe1bf6f
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E2019262641619BB921866109E92FFB735FDF22394B004029FE069F241FA60FD9282B9
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,0068F2DE,00693863,00731444,?,0067FDF5,?,?,0066A976,00000010,00731440,006613FC,?,006613C6), ref: 00692DFD
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00692E32
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00692E59
                                                                                                                                                                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000,00661129), ref: 00692E66
                                                                                                                                                                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000,00661129), ref: 00692E6F
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ErrorLast$_free
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3170660625-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 808f7f7e15c8077c9051daf7c4fff1eca1cbbfe06b702395c411354bea80f6e9
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 071b0a3e038c5bb2123650db2bf0184cadaa8389048b89b854bc4786f6482466
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 808f7f7e15c8077c9051daf7c4fff1eca1cbbfe06b702395c411354bea80f6e9
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B701F4726056067BCF1267356CE6D7B269FAFD17B5B21402CF425A2B93EE648C0241A4
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,006BFF41,80070057,?,?,?,006C035E), ref: 006C002B
                                                                                                                                                                                                                                                                                                                                                            • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,006BFF41,80070057,?,?), ref: 006C0046
                                                                                                                                                                                                                                                                                                                                                            • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,006BFF41,80070057,?,?), ref: 006C0054
                                                                                                                                                                                                                                                                                                                                                            • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,006BFF41,80070057,?), ref: 006C0064
                                                                                                                                                                                                                                                                                                                                                            • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,006BFF41,80070057,?,?), ref: 006C0070
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3897988419-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 2d936c48c3b34c07cff6db782bcfe9003c910a4134b382d8055a4f01010775d6
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 65bab9a643740dd7400aeb06135ecee52c97afaf3b746ab208844efe856f61ec
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2d936c48c3b34c07cff6db782bcfe9003c910a4134b382d8055a4f01010775d6
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 53017472600208EBEB104F68DD08FBA7AAEEB487A2F155128F905D2210EB71DD408BA0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • QueryPerformanceCounter.KERNEL32(?), ref: 006CE997
                                                                                                                                                                                                                                                                                                                                                            • QueryPerformanceFrequency.KERNEL32(?), ref: 006CE9A5
                                                                                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000000), ref: 006CE9AD
                                                                                                                                                                                                                                                                                                                                                            • QueryPerformanceCounter.KERNEL32(?), ref: 006CE9B7
                                                                                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32 ref: 006CE9F3
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: PerformanceQuery$CounterSleep$Frequency
• String ID:
• API String ID: 2833360925-0
• Opcode ID: 77fe3334644f95f814bb3f16e7c9617fbda25bf550d64aa47369ff7a5cc82e56
• Instruction ID: bff0d4909efceb1836a3de3ac0d333f4bce3b690b722d10714f4c3b3324f44cf
• Opcode Fuzzy Hash: 77fe3334644f95f814bb3f16e7c9617fbda25bf550d64aa47369ff7a5cc82e56
• Instruction Fuzzy Hash: FB015331C0162DDBCF00EBE4D959AFDBB7AFF09310F00454AE902B2241CB399661CBA2
APIs
• GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 006C1114
• GetLastError.KERNEL32(?,00000000,00000000,?,?,006C0B9B,?,?,?), ref: 006C1120
• GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,006C0B9B,?,?,?), ref: 006C112F
• HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,006C0B9B,?,?,?), ref: 006C1136
• GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 006C114D
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: HeapObjectSecurityUser$AllocErrorLastProcess
• String ID:
• API String ID: 842720411-0
• Opcode ID: fb65eb4f81e650295e1780febb60d6ac98f3e507a84da7b90447fb40f61f96a3
• Instruction ID: 99c167187e998b84770145d537aea750014b829a24f9dd46c9a5f8530795f7df
• Opcode Fuzzy Hash: fb65eb4f81e650295e1780febb60d6ac98f3e507a84da7b90447fb40f61f96a3
• Instruction Fuzzy Hash: 8B011975200209BFDB115FA5DD49EBA3B6FEF8A3A0B254419FA45D7360DB31DC10DA60
APIs
• GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 006C0FCA
• GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 006C0FD6
• GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 006C0FE5
• HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 006C0FEC
• GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 006C1002
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: HeapInformationToken$AllocErrorLastProcess
• String ID:
• API String ID: 44706859-0
• Opcode ID: a54a6e1a58f5ca45cfae7a214bddf3ec5a964b89e568444bf58cbdc13200ecce
• Instruction ID: 9aedf4a9c038fe8d8d325f5e46432dd4c83256e8fb647d212a7a4b0fdc5c9110
• Opcode Fuzzy Hash: a54a6e1a58f5ca45cfae7a214bddf3ec5a964b89e568444bf58cbdc13200ecce
• Instruction Fuzzy Hash: 7CF04F35200345ABD7214FA4DD4AFA63B6EEF8A761F114415F945CA351CE71DC50DA60
APIs
• GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 006C102A
• GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 006C1036
• GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 006C1045
• HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 006C104C
• GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 006C1062
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: HeapInformationToken$AllocErrorLastProcess
• String ID:
• API String ID: 44706859-0
• Opcode ID: 44db2a39ac255928e19e2293cf41029159bbd877034502f2b271d3daf44ed3a6
• Instruction ID: aa418d2534976c346be700dcd7f97353488fe9a896bfa7f24ecf7592cbbf0520
• Opcode Fuzzy Hash: 44db2a39ac255928e19e2293cf41029159bbd877034502f2b271d3daf44ed3a6
• Instruction Fuzzy Hash: 40F04936240309ABDB215FA4ED49FA63BAEEF8A761F110418FA45CA351CE71D890DA60
APIs
• CloseHandle.KERNEL32(?,?,?,?,006D017D,?,006D32FC,?,00000001,006A2592,?), ref: 006D0324
• CloseHandle.KERNEL32(?,?,?,?,006D017D,?,006D32FC,?,00000001,006A2592,?), ref: 006D0331
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,006D017D,?,006D32FC,?,00000001,006A2592,?), ref: 006D033E
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,006D017D,?,006D32FC,?,00000001,006A2592,?), ref: 006D034B
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,006D017D,?,006D32FC,?,00000001,006A2592,?), ref: 006D0358
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,006D017D,?,006D32FC,?,00000001,006A2592,?), ref: 006D0365
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CloseHandle
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2962429428-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: ccf95eeb54e4de9d6475f0d75e6b91158514461c6dfaa2c38860d12d1e5d11bf
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 5e2bd53acbf8ad7968277827374c6668929a63b5941d5f6fe8e964624a5bf83f
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ccf95eeb54e4de9d6475f0d75e6b91158514461c6dfaa2c38860d12d1e5d11bf
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7F01E272800B069FD7309F66D880852F7F6BF503153068A3FD19252A30C3B1A954CF80
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0069D752
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006929C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0069D7D1,00000000,00000000,00000000,00000000,?,0069D7F8,00000000,00000007,00000000,?,0069DBF5,00000000), ref: 006929DE
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006929C8: GetLastError.KERNEL32(00000000,?,0069D7D1,00000000,00000000,00000000,00000000,?,0069D7F8,00000000,00000007,00000000,?,0069DBF5,00000000,00000000), ref: 006929F0
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0069D764
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0069D776
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0069D788
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0069D79A
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 1e2398ae884b4f660116e3c80460a85d72229697a9654692634b7e4ebff057ef
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 930ff677e084c7e2f5bfcaa3446ad0a5fbe1f1d6d57bc3d372908a0c4aa18432
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1e2398ae884b4f660116e3c80460a85d72229697a9654692634b7e4ebff057ef
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 23F01232544205BB8E62EBA5F9C5C5A77DFBB547107E54819F04CEBE01C734FC8086A8
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,000003E9), ref: 006C5C58
                                                                                                                                                                                                                                                                                                                                                            • GetWindowTextW.USER32(00000000,?,00000100), ref: 006C5C6F
                                                                                                                                                                                                                                                                                                                                                            • MessageBeep.USER32(00000000), ref: 006C5C87
                                                                                                                                                                                                                                                                                                                                                            • KillTimer.USER32(?,0000040A), ref: 006C5CA3
                                                                                                                                                                                                                                                                                                                                                            • EndDialog.USER32(?,00000001), ref: 006C5CBD
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3741023627-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 3ff33b270523690b8e11e2fdbb19e4e96c53058e6243f6f86c2b332d89134c68
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: afb5fc02a9c392d3e820e4950627490150108833b496cbb6016bbd3cbe418cd6
• Opcode Fuzzy Hash: 3ff33b270523690b8e11e2fdbb19e4e96c53058e6243f6f86c2b332d89134c68
• Instruction Fuzzy Hash: 50016230500B08ABEB206B14DE4EFF677BAFB00B05F00155DA593A10E1DBF0B988CA91
APIs
• _free.LIBCMT ref: 006922BE
  • Part of subcall function 006929C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0069D7D1,00000000,00000000,00000000,00000000,?,0069D7F8,00000000,00000007,00000000,?,0069DBF5,00000000), ref: 006929DE
  • Part of subcall function 006929C8: GetLastError.KERNEL32(00000000,?,0069D7D1,00000000,00000000,00000000,00000000,?,0069D7F8,00000000,00000007,00000000,?,0069DBF5,00000000,00000000), ref: 006929F0
• _free.LIBCMT ref: 006922D0
• _free.LIBCMT ref: 006922E3
• _free.LIBCMT ref: 006922F4
• _free.LIBCMT ref: 00692305
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: e3e72a97030c59c265f2a4ca182b0f715ff018bae66bb142a446f06ba85f0fb2
• Instruction ID: a3e1e8d8ddc4ff947fc5cf9c8c1c7ea606e7e21888ee281439d40e996ab1ec0a
• Opcode Fuzzy Hash: e3e72a97030c59c265f2a4ca182b0f715ff018bae66bb142a446f06ba85f0fb2
• Instruction Fuzzy Hash: 2AF05E70901522AB9E63EF55BC2184D3B6AF728B62740C50AF414D27B1C73C0912EFEC
APIs
• EndPath.GDI32(?), ref: 006795D4
• StrokeAndFillPath.GDI32(?,?,006B71F7,00000000,?,?,?), ref: 006795F0
• SelectObject.GDI32(?,00000000), ref: 00679603
• DeleteObject.GDI32 ref: 00679616
• StrokePath.GDI32(?), ref: 00679631
Similarity
• API ID: Path$ObjectStroke$DeleteFillSelect
• String ID:
• API String ID: 2625713937-0
• Opcode ID: a2b9bbddc4c88099166116796ae448718c0d2b9548d09336391fdb990efc325f
• Instruction ID: 713b637bb74da11791a5011afacc6d0b4b06c83b968b5060882e6d097d11b1ff
• Opcode Fuzzy Hash: a2b9bbddc4c88099166116796ae448718c0d2b9548d09336391fdb990efc325f
• Instruction Fuzzy Hash: FEF01934005648EBEB129F65EE18BA43BA2AB01336F44C314F469551F0CB3999A6DF28
APIs
Strings
Similarity
• API ID: __freea$_free
• String ID: a/p$am/pm
• API String ID: 3432400110-3206640213
• Opcode ID: a61f926321509a90c2c2ca06833e4c0e935b277f428011c6bde4e6da061490d3
• Instruction ID: dc41e8b0b57bbcef6f3954ce52e87df1016920839cc11a71f3fb4c9c148dff03
• Opcode Fuzzy Hash: a61f926321509a90c2c2ca06833e4c0e935b277f428011c6bde4e6da061490d3
• Instruction Fuzzy Hash: 01D1CD31A00207DADF299F68C855AFAB7BAEB07300F38415AE9159FF50D7359E81CB91
APIs
  • Part of subcall function 00680242: EnterCriticalSection.KERNEL32(0073070C,00731884,?,?,0067198B,00732518,?,?,?,006612F9,00000000), ref: 0068024D
  • Part of subcall function 00680242: LeaveCriticalSection.KERNEL32(0073070C,?,0067198B,00732518,?,?,?,006612F9,00000000), ref: 0068028A
  • Part of subcall function 006800A3: __onexit.LIBCMT ref: 006800A9
• __Init_thread_footer.LIBCMT ref: 006E6238
  • Part of subcall function 006801F8: EnterCriticalSection.KERNEL32(0073070C,?,?,00678747,00732514), ref: 00680202
  • Part of subcall function 006801F8: LeaveCriticalSection.KERNEL32(0073070C,?,00678747,00732514), ref: 00680235
  • Part of subcall function 006D359C: LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 006D35E4
  • Part of subcall function 006D359C: LoadStringW.USER32(00732390,?,00000FFF,?), ref: 006D360A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CriticalSection$EnterLeaveLoadString$Init_thread_footer__onexit
                                                                                                                                                                                                                                                                                                                                                            • String ID: x#s$x#s$x#s
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1072379062-3720613016
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 16b9d93ef7d4ffed81110a98956802a351ae1ddf59239d09b70811b81f9835d8
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: f314076641f80c1583835688701db0a0a8587111d223df268a0761325b1cab65
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 16b9d93ef7d4ffed81110a98956802a351ae1ddf59239d09b70811b81f9835d8
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 98C18D71A00245AFDB14DF99C890EBEB7BAEF58340F10806DF9159B291DB70ED45CB90
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID: JOf
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 0-1367099043
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 871bd689812a4d876db279b95722256c3c27fa96759c7873490638d622ec6d7b
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 01f32bb7e4de9f50f7f1a2c0544931cfd8c8cfcbe090102ffe17e7ae3aceb8d6
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 871bd689812a4d876db279b95722256c3c27fa96759c7873490638d622ec6d7b
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C551B071D0060AEFDF22AFA4C855EEE7BBEAF05320F14015DF406A7691D7319A02CB65
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,00000002,00000000,?,?,?,00000000,?,?,?,?), ref: 00698B6E
                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,00000000,00001000,?), ref: 00698B7A
                                                                                                                                                                                                                                                                                                                                                            • __dosmaperr.LIBCMT ref: 00698B81
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ByteCharErrorLastMultiWide__dosmaperr
                                                                                                                                                                                                                                                                                                                                                            • String ID: .h
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2434981716-3939481508
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: f0c7af670a3f4d51262ef94409550a7549bf50277e2a790bae5fd4383464cbd5
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 1395fb6b6828f6ff9f6fb50f34727895d42e3134e13b6ca34c44c383143e6e75
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f0c7af670a3f4d51262ef94409550a7549bf50277e2a790bae5fd4383464cbd5
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FB416970604145AFDF249F64C890ABD7BEBEB87310F2C81A9E88587A46DE318C028794
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006CB403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,006C21D0,?,?,00000034,00000800,?,00000034), ref: 006CB42D
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 006C2760
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006CB3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,006C21FF,?,?,00000800,?,00001073,00000000,?,?), ref: 006CB3F8
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006CB32A: GetWindowThreadProcessId.USER32(?,?), ref: 006CB355
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006CB32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,006C2194,00000034,?,?,00001004,00000000,00000000), ref: 006CB365
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006CB32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,006C2194,00000034,?,?,00001004,00000000,00000000), ref: 006CB37B
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 006C27CD
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 006C281A
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
• String ID: @
• API String ID: 4150878124-2766056989
• Opcode ID: 8e9484d15c2f934bed8dcb9c9ed18727f40d96ccb74a1cc5d5dcc6f258a54efe
• Instruction ID: d7dbc9146765fb681bb4b5fe869db84b76d2452a731879209973385b496982cd
• Opcode Fuzzy Hash: 8e9484d15c2f934bed8dcb9c9ed18727f40d96ccb74a1cc5d5dcc6f258a54efe
• Instruction Fuzzy Hash: A2413C72900218AFDB10DBA4CD96FEEBBB9EF09700F105059FA55B7181DB706E45CBA1
APIs
• GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\gTU8ed4669.exe,00000104), ref: 00691769
• _free.LIBCMT ref: 00691834
• _free.LIBCMT ref: 0069183E
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: _free$FileModuleName
• String ID: C:\Users\user\Desktop\gTU8ed4669.exe
• API String ID: 2506810119-4253357325
• Opcode ID: d23a0d2acd89e008bf01dc4f4f85a0e477483f5562045869945b4671d30c3ab7
• Instruction ID: c2ecd30027a86c3dac7bb951232ee080dc5d4f30b63c03141bd14c97b2303d05
• Opcode Fuzzy Hash: d23a0d2acd89e008bf01dc4f4f85a0e477483f5562045869945b4671d30c3ab7
• Instruction Fuzzy Hash: 5F31A271A0020AABDF21DB999981DDEBBFEEB86310B60416AF804DB711D6704E41DB94
APIs
• GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 006CC306
• DeleteMenu.USER32(?,00000007,00000000), ref: 006CC34C
• DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00731990,01285ED8), ref: 006CC395
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: Menu$Delete$InfoItem
• String ID: 0
• API String ID: 135850232-4108050209
• Opcode ID: 14a936f5e0a7bd6dbc7aaa75cafcc19a57ad27ea535ff81289f2011f8e328d01
• Instruction ID: aefcea0b73ae81e45ddf81d9a2dee33b0a584ffded06209dc4f679b748cce4d4
• Opcode Fuzzy Hash: 14a936f5e0a7bd6dbc7aaa75cafcc19a57ad27ea535ff81289f2011f8e328d01
• Instruction Fuzzy Hash: 54419F712043419FD720DF24E845F6ABBEAEF85320F04861EF8A9D7391D730A905CB66
APIs
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,006FCC08,00000000,?,?,?,?), ref: 006F44AA
• GetWindowLongW.USER32 ref: 006F44C7
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 006F44D7
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: Window$Long
• String ID: SysTreeView32
• API String ID: 847901565-1698111956
• Opcode ID: b61373041d98bc38f95e1b7d58c70a76ea5f250d5f103558db8cfc2e526e57d1
• Instruction ID: 8149b8d5b26166440d41d511f4cd24b76ab0e2d5c19a4ece6383bfc354da60df
• Opcode Fuzzy Hash: b61373041d98bc38f95e1b7d58c70a76ea5f250d5f103558db8cfc2e526e57d1
• Instruction Fuzzy Hash: 79319031214609AFDB209E38DC45BEB77AAEB09334F205719FA75E22D0DB74EC519B50
APIs
• SysReAllocString.OLEAUT32(?,?), ref: 006C6EED
• VariantCopyInd.OLEAUT32(?,?), ref: 006C6F08
• VariantClear.OLEAUT32(?), ref: 006C6F12
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Variant$AllocClearCopyString
                                                                                                                                                                                                                                                                                                                                                            • String ID: *jl
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2173805711-294499450
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 2600d33f1fdaeeeced98af0776228d4873245fbbe9d163a9a5075ee79c7205d7
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: c888b0098fee8226719c15fec6c54a72063c3ef5dd86c23a6294825598f4dbc4
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2600d33f1fdaeeeced98af0776228d4873245fbbe9d163a9a5075ee79c7205d7
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A9318171604245DBCB05AF65E851EBD37B7EF8A300B10049EFA228B2B1C7749952DB98
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006E335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,006E3077,?,?), ref: 006E3378
                                                                                                                                                                                                                                                                                                                                                            • inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 006E307A
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 006E309B
                                                                                                                                                                                                                                                                                                                                                            • htons.WSOCK32(00000000,?,?,00000000), ref: 006E3106
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ByteCharMultiWide_wcslenhtonsinet_addr
                                                                                                                                                                                                                                                                                                                                                            • String ID: 255.255.255.255
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 946324512-2422070025
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 66d04f3cfd990ba09ebeaaf19e39e462481a4d68eadb26b97dd6e07c23316bf6
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: fc56ebfb2a7589cbcf9103f1ae68ceed2d2f9f8819d34b76cb0dfd2150f86176
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 66d04f3cfd990ba09ebeaaf19e39e462481a4d68eadb26b97dd6e07c23316bf6
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8431E1352013959FCB20CF2AC589EEA77E2EF54318F248059E8158F392CB32EE45C760
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 006F4705
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 006F4713
                                                                                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 006F471A
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$DestroyWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID: msctls_updown32
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4014797782-2298589950
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: dd8db91482bf15385098504885b77fd1d8030fed6440d43fdd0339c66f4b18b9
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 6f2ceb2bed01fb9add76cbf76b171640eea11c0458f8da8370f7575d6c9a3b56
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: dd8db91482bf15385098504885b77fd1d8030fed6440d43fdd0339c66f4b18b9
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E5213EB5604209AFEB10EF64DC91DB737AEEF9A3A8B050159FA009B351CB75EC11CA64
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
• API ID: _wcslen
• String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
• API String ID: 176396367-2734436370
• Opcode ID: c27ac7a8500e7cf888ff0529f0773242be2ca127c2c7c6bf6c587bf531f1bcf7
• Instruction ID: 0a0f3ed6e395cd097cf9b562d3e1244576b4cc271c383dbad648c29df56416ba
• Opcode Fuzzy Hash: c27ac7a8500e7cf888ff0529f0773242be2ca127c2c7c6bf6c587bf531f1bcf7
• Instruction Fuzzy Hash: AB21383220411166E331BB25DC0AFF7739BEF55314F50402EFA4997282EB619D42C3B9
APIs
• SendMessageW.USER32(00000000,00000180,00000000,?), ref: 006F3840
• SendMessageW.USER32(?,00000186,00000000,00000000), ref: 006F3850
• MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 006F3876
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: MessageSend$MoveWindow
• String ID: Listbox
• API String ID: 3315199576-2633736733
• Opcode ID: 58cbf74f7623dc02c4b755a266bf9477d34724be8cc216ceb6cfb336d13505f7
• Instruction ID: 94b6ef4b2457c13e65736fa01c74b8702c6bee6d013ab6adb9d873d0a5a422d5
• Opcode Fuzzy Hash: 58cbf74f7623dc02c4b755a266bf9477d34724be8cc216ceb6cfb336d13505f7
• Instruction Fuzzy Hash: 9921B072610228BBEB119F54DC41EFB376BEF897A0F108124FA109B290C675DC52C7A0
APIs
• SetErrorMode.KERNEL32(00000001), ref: 006D4A08
• GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 006D4A5C
• SetErrorMode.KERNEL32(00000000,?,?,006FCC08), ref: 006D4AD0
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: ErrorMode$InformationVolume
• String ID: %lu
• API String ID: 2507767853-685833217
• Opcode ID: 13303c4634f25c36fc687926a1e075d659ebba4f7ecf7853f1455fdf8c72e7e8
• Instruction ID: c20e997bf525442af4c7b10d1fac0ec0ed1442108410271aeff5d3967329b7e3
• Opcode Fuzzy Hash: 13303c4634f25c36fc687926a1e075d659ebba4f7ecf7853f1455fdf8c72e7e8
• Instruction Fuzzy Hash: B9318E74A00108AFDB10DF54C981EAA7BFAEF08318F1480A9E809DB352DB71EE45CB61
APIs
• SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 006F424F
• SendMessageW.USER32(?,00000406,00000000,00640000), ref: 006F4264
• SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 006F4271
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: MessageSend
• String ID: msctls_trackbar32
• API String ID: 3850602802-1010561917
• Opcode ID: 361c4d0e5be2370e2c76972160e02283f905b27fb47623bb4db9216c42bf86f1
• Instruction ID: 12327a5b80229cf6fc12dd4581ab8d36ec408e3e3f432ef645d27dc0f5adb83d
• Opcode Fuzzy Hash: 361c4d0e5be2370e2c76972160e02283f905b27fb47623bb4db9216c42bf86f1
• Instruction Fuzzy Hash: 2811E031240248BEEF209F28CC06FFB3BAEEF85B64F010528FA55E21A0D671D811DB24
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00666B57: _wcslen.LIBCMT ref: 00666B6A
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006C2DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 006C2DC5
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006C2DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 006C2DD6
• Part of subcall function 006C2DA7: GetCurrentThreadId.KERNEL32 ref: 006C2DDD
• Part of subcall function 006C2DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 006C2DE4
• GetFocus.USER32 ref: 006C2F78
• Part of subcall function 006C2DEE: GetParent.USER32(00000000), ref: 006C2DF9
• GetClassNameW.USER32(?,?,00000100), ref: 006C2FC3
• EnumChildWindows.USER32(?,006C303B), ref: 006C2FEB
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
• String ID: %s%d
• API String ID: 1272988791-1110647743
• Opcode ID: 026016abe38ffb30f8987efb23e84f867504df3beb06ee075fdf2cce4cc7c0c6
• Instruction ID: 46c6e65f1fb55847c6484c2a83567034ea6f0540d8c02ee5ebff964930a88a34
• Opcode Fuzzy Hash: 026016abe38ffb30f8987efb23e84f867504df3beb06ee075fdf2cce4cc7c0c6
• Instruction Fuzzy Hash: 5611AE71200219ABCF806F60DC96FFD376BEF94314F04807DF9099B292DE70A9498B60
APIs
• GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 006F58C1
• SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 006F58EE
• DrawMenuBar.USER32(?), ref: 006F58FD
Strings
Similarity
• API ID: Menu$InfoItem$Draw
• String ID: 0
• API String ID: 3227129158-4108050209
• Opcode ID: 0ff7ac5ab5de7c8275153d8810653f102f5c835b504a2f4ade81a44ad378179c
• Instruction ID: a5226364936898e7c4ea578e8f69039e16f66f7609a0ecc6d3e40aa6019a27c8
• Opcode Fuzzy Hash: 0ff7ac5ab5de7c8275153d8810653f102f5c835b504a2f4ade81a44ad378179c
• Instruction Fuzzy Hash: 3F015B3150025CEEDB619F21DC44BBEBBB6FF45360F10809AEA4AD6251DB708A95EF21
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 84750527477944493f8bf01c9daae847e10f8d9017c45be67609b5519b661d83
• Instruction ID: 9aeabdd0f48f909ceece9e81d223e041b3289d88158f9b72cfd99d38a4921aad
• Opcode Fuzzy Hash: 84750527477944493f8bf01c9daae847e10f8d9017c45be67609b5519b661d83
• Instruction Fuzzy Hash: 71C12775A0021AEFEB14DFA4C894FBAB7B6FF48704F248598E505AB251D731EE41CB90
APIs
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Variant$ClearInitInitializeUninitialize
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1998397398-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 7025c795dc75ec71128c1bc6fc6ce945705ec07a3bf2ccfcc76411cd33da480e
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 906ae118a4fe342e7e56a1686b5f34089b77f62b878312fb126a725d06bbd5aa
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7025c795dc75ec71128c1bc6fc6ce945705ec07a3bf2ccfcc76411cd33da480e
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 03A159756143109FCB50DF29C485A6AB7E6FF88724F04885DF98A9B362DB30EE01CB95
APIs
• ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,006FFC08,?), ref: 006C05F0
• CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,006FFC08,?), ref: 006C0608
• CLSIDFromProgID.OLE32(?,?,00000000,006FCC40,000000FF,?,00000000,00000800,00000000,?,006FFC08,?), ref: 006C062D
• _memcmp.LIBVCRUNTIME ref: 006C064E
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: FromProg$FreeTask_memcmp
• String ID:
• API String ID: 314563124-0
APIs
• CreateToolhelp32Snapshot.KERNEL32 ref: 006EA6AC
• Process32FirstW.KERNEL32(00000000,?), ref: 006EA6BA
  • Part of subcall function 00669CB3: _wcslen.LIBCMT ref: 00669CBD
• Process32NextW.KERNEL32(00000000,?), ref: 006EA79C
• CloseHandle.KERNEL32(00000000), ref: 006EA7AB
  • Part of subcall function 0067CE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,006A3303,?), ref: 0067CE8A
Similarity
• API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
• String ID:
• API String ID: 1991900642-0
APIs
Similarity
• API ID: _free
• String ID:
• API String ID: 269201875-0
APIs
• GetWindowRect.USER32(?,?), ref: 006F62E2
• ScreenToClient.USER32(?,?), ref: 006F6315
• MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 006F6382
Similarity
• API ID: Window$ClientMoveRectScreen
• String ID:
• API String ID: 3880355969-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: aab9ad404a81ddff802809d224839054cce31e69db742ec63820cc5b07fc67ef
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 38b4cdae65a4d33a3c62ccb628393a063b508fb204af07fa4a3b0ee613543c69
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: aab9ad404a81ddff802809d224839054cce31e69db742ec63820cc5b07fc67ef
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F6513975A00209EFDB10DF68D880ABE7BB6EF55360F108169F9159B390D730ED41CB90
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • socket.WSOCK32(00000002,00000002,00000011), ref: 006E1AFD
                                                                                                                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32 ref: 006E1B0B
                                                                                                                                                                                                                                                                                                                                                            • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 006E1B8A
                                                                                                                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32 ref: 006E1B94
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ErrorLast$socket
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1881357543-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 4761bf4fac1533e72f70777346dacd0927acac9f7d79b26a69a7b1e64bda0c84
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: cde5ad41d164262f1132c13ea31488d03b137e6d08151fd7c828ab62f58e9703
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4761bf4fac1533e72f70777346dacd0927acac9f7d79b26a69a7b1e64bda0c84
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 38419E34600300AFE720AF25C886F6A77E6AB45718F54848CF95A9F3D2D672ED42CB90
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 56c848fd9346cc483e9f373c4ad868581edaccc760d084845e5fc9fa120e945b
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: adc67f79b614ba53effc2d131c591813729772d71a811dc4570e464fd515f743
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 56c848fd9346cc483e9f373c4ad868581edaccc760d084845e5fc9fa120e945b
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F8412875A00304BFDB24AF78DD41BAABBEEEF84B10F10462EF141DBA91D37199018B80
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 006D5783
                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000000), ref: 006D57A9
                                                                                                                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 006D57CE
                                                                                                                                                                                                                                                                                                                                                            • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 006D57FA
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3321077145-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: bf08c34a71c95ff7abb411edfa1b57bd642ed93bb82c872f6527b7ecf16b19bc
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: b838045748909bc2152813d238c494ec1f8555493ec0f2184595ccf7808dfabb
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bf08c34a71c95ff7abb411edfa1b57bd642ed93bb82c872f6527b7ecf16b19bc
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D7412939600A10DFCB11EF15C544A5EBBF3EF89324B198489E84AAB362CB31FD40CB95
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000000,?,00686D71,00000000,00000000,006882D9,?,006882D9,?,00000001,00686D71,?,00000001,006882D9,006882D9), ref: 0069D910
                                                                                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0069D999
                                                                                                                                                                                                                                                                                                                                                            • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 0069D9AB
• __freea.LIBCMT ref: 0069D9B4
  • Part of subcall function 00693820: RtlAllocateHeap.NTDLL(00000000,?,00731444,?,0067FDF5,?,?,0066A976,00000010,00731440,006613FC,?,006613C6,?,00661129), ref: 00693852
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: ByteCharMultiWide$AllocateHeapStringType__freea
• String ID:
• API String ID: 2652629310-0
• Opcode ID: f840179917d14db9d7bae6128c7f6aea0331a40e264ca2cc1ca5b2e7023bf402
• Instruction ID: d6a65b4edf08115057d0f49593150ec46f962b0f575d2cc48351045110cc43c1
• Opcode Fuzzy Hash: f840179917d14db9d7bae6128c7f6aea0331a40e264ca2cc1ca5b2e7023bf402
• Instruction Fuzzy Hash: 3131B072A0020AABDF25EF64DC41EEE7BAAEB41310B154269FC04D7291EB35CD55CB90
APIs
• SendMessageW.USER32(?,00001024,00000000,?), ref: 006F5352
• GetWindowLongW.USER32(?,000000F0), ref: 006F5375
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 006F5382
• InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 006F53A8
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: LongWindow$InvalidateMessageRectSend
• String ID:
• API String ID: 3340791633-0
• Opcode ID: 5d190f40b570f8ca9722068443ed0cac727d380326fec37654644ea47331afe1
• Instruction ID: ac8ffd9af27915a76884c327dbaac8f7d57ae24d0b0f9ba57a361e5b6409d595
• Opcode Fuzzy Hash: 5d190f40b570f8ca9722068443ed0cac727d380326fec37654644ea47331afe1
• Instruction Fuzzy Hash: B531B236A55A0CEFEB309B1CCC05BF877A7AB05390F584101FB12962E1E7B4AD41DB82
APIs
• GetKeyboardState.USER32(?,75A8C0D0,?,00008000), ref: 006CABF1
• SetKeyboardState.USER32(00000080,?,00008000), ref: 006CAC0D
• PostMessageW.USER32(00000000,00000101,00000000), ref: 006CAC74
• SendInput.USER32(00000001,?,0000001C,75A8C0D0,?,00008000), ref: 006CACC6
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: KeyboardState$InputMessagePostSend
• String ID:
• API String ID: 432972143-0
• Opcode ID: d811c424330e29029a44c3c83da405ac8e31384387b3dd0d50fb972433c3407e
• Instruction ID: 50d333d31fcf07799a418ee71e49cbca89b4902bfe1f81d306b70378a45a8ebb
• Opcode Fuzzy Hash: d811c424330e29029a44c3c83da405ac8e31384387b3dd0d50fb972433c3407e
• Instruction Fuzzy Hash: 77312830A4421C6FEF34CBA48C08FFA7BA7EB49328F04421EE481922D1C37489958756
APIs
• ClientToScreen.USER32(?,?), ref: 006F769A
• GetWindowRect.USER32(?,?), ref: 006F7710
• PtInRect.USER32(?,?,006F8B89), ref: 006F7720
• MessageBeep.USER32(00000000), ref: 006F778C
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: Rect$BeepClientMessageScreenWindow
• String ID:
• API String ID: 1352109105-0
• Opcode ID: 87d75b71eace170c11d812a2d5c0232e5a85960bf157d868886216d9f7540102
• Instruction ID: d4eff31e20b5015d23182fd1a68ecbd3a9d26508a11e879174d8e2a14dfbee5f
• Opcode Fuzzy Hash: 87d75b71eace170c11d812a2d5c0232e5a85960bf157d868886216d9f7540102
• Instruction Fuzzy Hash: F9417834A1925CDFDB01EF58D894EB9B7F6BB49314F1980A8EA149B361C731E942CB90
APIs
• GetForegroundWindow.USER32 ref: 006F16EB
  • Part of subcall function 006C3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 006C3A57
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006C3A3D: GetCurrentThreadId.KERNEL32 ref: 006C3A5E
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006C3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,006C25B3), ref: 006C3A65
                                                                                                                                                                                                                                                                                                                                                            • GetCaretPos.USER32(?), ref: 006F16FF
                                                                                                                                                                                                                                                                                                                                                            • ClientToScreen.USER32(00000000,?), ref: 006F174C
                                                                                                                                                                                                                                                                                                                                                            • GetForegroundWindow.USER32 ref: 006F1752
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
• String ID:
• API String ID: 2759813231-0
• Opcode ID: ba260ddd856f0bab8a1b0afed880ae5b889161d0cc7006dc340f3421c9e97d17
• Instruction ID: ba3269737e9edf2d1f57d18220c6ac8be04dd5fe5e52a78c304b3a842f7055ca
• Opcode Fuzzy Hash: ba260ddd856f0bab8a1b0afed880ae5b889161d0cc7006dc340f3421c9e97d17
• Instruction Fuzzy Hash: 47313075D00149AFC744EFA9C981DBEB7FAEF49314B50806EE415E7311D6319E45CBA0
APIs
  • Part of subcall function 00679BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00679BB2
• GetCursorPos.USER32(?), ref: 006F9001
• TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,006B7711,?,?,?,?,?), ref: 006F9016
• GetCursorPos.USER32(?), ref: 006F905E
• DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,006B7711,?,?,?), ref: 006F9094
Similarity
• API ID: Cursor$LongMenuPopupProcTrackWindow
• String ID:
• API String ID: 2864067406-0
• Opcode ID: 7f84a1f3ba9cb8c59e94f24b0835356f719c5c6062c63f72775187c3720f549c
• Instruction ID: e6040af9315eaff543f711a6baaa1bb446c7ec8df838578fb63f590ebacf5503
• Opcode Fuzzy Hash: 7f84a1f3ba9cb8c59e94f24b0835356f719c5c6062c63f72775187c3720f549c
• Instruction Fuzzy Hash: E821803560001CEFDB158F94C858FFA7BBAEB49360F044069F6054B2A1C735A991DF64
APIs
• GetFileAttributesW.KERNEL32(?,006FCB68), ref: 006CD2FB
• GetLastError.KERNEL32 ref: 006CD30A
• CreateDirectoryW.KERNEL32(?,00000000), ref: 006CD319
• CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,006FCB68), ref: 006CD376
Similarity
• API ID: CreateDirectory$AttributesErrorFileLast
• String ID:
• API String ID: 2267087916-0
• Opcode ID: 4875987307b33f958e429bde0a3155e980d11710a5ba71d2b5312d35361641e7
• Instruction ID: 1c3fa5b81bbaae6853d8b19ce207980664a52a37545b7a5c453c72ecd088092d
• Opcode Fuzzy Hash: 4875987307b33f958e429bde0a3155e980d11710a5ba71d2b5312d35361641e7
• Instruction Fuzzy Hash: 1921A3705042059FC300DF24C9819BAB7E9EE56364F104A2EF499C73A1DB30DA46CB97
APIs
  • Part of subcall function 006C1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 006C102A
  • Part of subcall function 006C1014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 006C1036
  • Part of subcall function 006C1014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 006C1045
  • Part of subcall function 006C1014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 006C104C
  • Part of subcall function 006C1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 006C1062
• LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 006C15BE
• _memcmp.LIBVCRUNTIME ref: 006C15E1
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 006C1617
• HeapFree.KERNEL32(00000000), ref: 006C161E
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1592001646-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 52937b83e1b2822910ebd148066220fd132a5738f2509d58f328931388d02580
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 4f7469fe0c6707ae66a79130752dc373a4c991f32aa3a44968a1a6853da471a8
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 52937b83e1b2822910ebd148066220fd132a5738f2509d58f328931388d02580
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9A214A71E00109AFDB10DFA5C945FFEB7BAEF46354F184459E441AB242E731EA05DBA0
APIs
• GetWindowLongW.USER32(?,000000EC), ref: 006F280A
• SetWindowLongW.USER32(?,000000EC,00000000), ref: 006F2824
• SetWindowLongW.USER32(?,000000EC,00000000), ref: 006F2832
• SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 006F2840
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: Window$Long$AttributesLayered
• String ID:
• API String ID: 2169480361-0
• Opcode ID: 222f066dd0913c6999a05e2226dd92419ca853f3e88760dcd2bdab6862b61748
• Instruction ID: b5e3965828d64fc45ece91f88dcf59f1ea1c082322dfbfc31d7ded719f7d416a
• Opcode Fuzzy Hash: 222f066dd0913c6999a05e2226dd92419ca853f3e88760dcd2bdab6862b61748
• Instruction Fuzzy Hash: 8C21A13120551AAFD7149B24C865FBA7B9BAF85324F14815CF526CB6E2C771FC82CB90
APIs
  • Part of subcall function 006C8D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,006C790A,?,000000FF,?,006C8754,00000000,?,0000001C,?,?), ref: 006C8D8C
  • Part of subcall function 006C8D7D: lstrcpyW.KERNEL32(00000000,?,?,006C790A,?,000000FF,?,006C8754,00000000,?,0000001C,?,?,00000000), ref: 006C8DB2
  • Part of subcall function 006C8D7D: lstrcmpiW.KERNEL32(00000000,?,006C790A,?,000000FF,?,006C8754,00000000,?,0000001C,?,?), ref: 006C8DE3
• lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,006C8754,00000000,?,0000001C,?,?,00000000), ref: 006C7923
• lstrcpyW.KERNEL32(00000000,?,?,006C8754,00000000,?,0000001C,?,?,00000000), ref: 006C7949
• lstrcmpiW.KERNEL32(00000002,cdecl,?,006C8754,00000000,?,0000001C,?,?,00000000), ref: 006C7984
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: lstrcmpilstrcpylstrlen
• String ID: cdecl
• API String ID: 4031866154-3896280584
• Opcode ID: 9d25a2f47953802eb243715e52bc2da3245d5e9f888e8e5599791703f32ccca6
• Instruction ID: 868ca95b132905e1f37431ee750ea47c23880631eaa9e6d27de32ed3c089775b
• Opcode Fuzzy Hash: 9d25a2f47953802eb243715e52bc2da3245d5e9f888e8e5599791703f32ccca6
• Instruction Fuzzy Hash: A211D63A200205AFCB259F34D845EBA77A6FF45360B50402EF946C7364EB319811CBA5
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001060,?,00000004), ref: 006F56BB
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 006F56CD
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 006F56D8
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001002,00000000,?), ref: 006F5816
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: MessageSend_wcslen
• String ID:
• API String ID: 455545452-0
APIs
• SendMessageW.USER32(?,000000B0,?,?), ref: 006C1A47
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 006C1A59
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 006C1A6F
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 006C1A8A
Similarity
• API ID: MessageSend
• String ID:
• API String ID: 3850602802-0
APIs
• GetCurrentThreadId.KERNEL32 ref: 006CE1FD
• MessageBoxW.USER32(?,?,?,?), ref: 006CE230
• WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 006CE246
• CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 006CE24D
Similarity
• API ID: CloseCurrentHandleMessageObjectSingleThreadWait
• String ID:
• API String ID: 2880819207-0
APIs
• CreateThread.KERNEL32(00000000,?,0068CFF9,00000000,00000004,00000000), ref: 0068D218
• GetLastError.KERNEL32 ref: 0068D224
• __dosmaperr.LIBCMT ref: 0068D22B
• ResumeThread.KERNEL32(00000000), ref: 0068D249
Similarity
• API ID: Thread$CreateErrorLastResume__dosmaperr
• String ID:
• API String ID: 173952441-0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0066604C
                                                                                                                                                                                                                                                                                                                                                            • GetStockObject.GDI32(00000011), ref: 00666060
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000030,00000000), ref: 0066606A
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CreateMessageObjectSendStockWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3970641297-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: c9f18e4b4c6c946d04fcb6d6d92f73b476582c3bbcec5c1834691c46803a3f91
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 3d3fe28e4c78bae15cb1e8790eef941b9df9e28ef504a09602d01897867b9425
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c9f18e4b4c6c946d04fcb6d6d92f73b476582c3bbcec5c1834691c46803a3f91
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 67116D72501548BFEF129FA4ED54EEABF6EEF093A4F040225FA1552120D732AC60DFA0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • ___BuildCatchObject.LIBVCRUNTIME ref: 00683B56
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00683AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00683AD2
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00683AA3: ___AdjustPointer.LIBCMT ref: 00683AED
                                                                                                                                                                                                                                                                                                                                                            • _UnwindNestedFrames.LIBCMT ref: 00683B6B
                                                                                                                                                                                                                                                                                                                                                            • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00683B7C
                                                                                                                                                                                                                                                                                                                                                            • CallCatchBlock.LIBVCRUNTIME ref: 00683BA4
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 737400349-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 06796609d08f9e3989d9c55b4213e201e96fac7008e8b07aacad9e4638298424
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 57014C72100149BBDF127E95CC42EEB3F6EEF58B54F044218FE4866221D732E961DBA4
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,006613C6,00000000,00000000,?,0069301A,006613C6,00000000,00000000,00000000,?,0069328B,00000006,FlsSetValue), ref: 006930A5
                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,0069301A,006613C6,00000000,00000000,00000000,?,0069328B,00000006,FlsSetValue,00702290,FlsSetValue,00000000,00000364,?,00692E46), ref: 006930B1
                                                                                                                                                                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,0069301A,006613C6,00000000,00000000,00000000,?,0069328B,00000006,FlsSetValue,00702290,FlsSetValue,00000000), ref: 006930BF
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3177248105-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: fc3917ec54919a54c103f9e2f9e264d2adf958e82f95698f443054dc6e103f6a
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 9a128aeb3c148698b84229aabacaf0ebdcbcdd48e1ce37f285f72c47d80cda9d
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fc3917ec54919a54c103f9e2f9e264d2adf958e82f95698f443054dc6e103f6a
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E901D432301336ABDF314B789C449A77B9EAF05BB1B114620F915E3740C721DA05C6E0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 006C747F
                                                                                                                                                                                                                                                                                                                                                            • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 006C7497
                                                                                                                                                                                                                                                                                                                                                            • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 006C74AC
                                                                                                                                                                                                                                                                                                                                                            • RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 006C74CA
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Type$Register$FileLoadModuleNameUser
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1352324309-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 4c7065ba508d3fe33392552db219cb3232a52d8ed22ba39c9ac225f2ca3b37dc
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 6a1e32710212ec2a0bcc270771d13d54e90fbb7ffdfff8c90f16f1a7bd10f11e
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4c7065ba508d3fe33392552db219cb3232a52d8ed22ba39c9ac225f2ca3b37dc
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 881179B1205318ABE720CF14DD09FA2BBFAEB00B10F10856DA626D6191D7B0E904DFA0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,006CACD3,?,00008000), ref: 006CB0C4
                                                                                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,006CACD3,?,00008000), ref: 006CB0E9
                                                                                                                                                                                                                                                                                                                                                            • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,006CACD3,?,00008000), ref: 006CB0F3
                                                                                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,006CACD3,?,00008000), ref: 006CB126
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CounterPerformanceQuerySleep
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2875609808-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: dff68d0174026f8c459f81ca9923759caefc74c25d99895baa9f1401fd294755
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: d0f50aef6a8f5429a1c72644070c1176c18d10256dc9177fd4d8ff5c4913a350
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: dff68d0174026f8c459f81ca9923759caefc74c25d99895baa9f1401fd294755
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4D112731D0152CE7CF00AFA4E95ABFEBB79FF0A721F105089D941B2281CB305A61CB56
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 006C2DC5
                                                                                                                                                                                                                                                                                                                                                            • GetWindowThreadProcessId.USER32(?,00000000), ref: 006C2DD6
                                                                                                                                                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 006C2DDD
                                                                                                                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 006C2DE4
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2710830443-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: f9d30b501b24a700fe3f7ccb6d006d048e10a7d2a3074c77a05a8f1400816454
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: e9cec35e853ac2a5ea67a547017db0edadd6bf0218c11b8edc8663ed19afbd8d
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f9d30b501b24a700fe3f7ccb6d006d048e10a7d2a3074c77a05a8f1400816454
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 32E092711052287BD7201B729D0DFFB7E6EEF53BB1F001019F506D10809AA0D841D6B0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00679639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00679693
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00679639: SelectObject.GDI32(?,00000000), ref: 006796A2
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00679639: BeginPath.GDI32(?), ref: 006796B9
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00679639: SelectObject.GDI32(?,00000000), ref: 006796E2
                                                                                                                                                                                                                                                                                                                                                            • MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 006F8887
                                                                                                                                                                                                                                                                                                                                                            • LineTo.GDI32(?,?,?), ref: 006F8894
                                                                                                                                                                                                                                                                                                                                                            • EndPath.GDI32(?), ref: 006F88A4
                                                                                                                                                                                                                                                                                                                                                            • StrokePath.GDI32(?), ref: 006F88B2
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
• String ID:
• API String ID: 1539411459-0
APIs
• GetSysColor.USER32(00000008), ref: 006798CC
• SetTextColor.GDI32(?,?), ref: 006798D6
• SetBkMode.GDI32(?,00000001), ref: 006798E9
• GetStockObject.GDI32(00000005), ref: 006798F1
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: Color$ModeObjectStockText
• String ID:
• API String ID: 4037423528-0
APIs
• GetCurrentThread.KERNEL32 ref: 006C1634
• OpenThreadToken.ADVAPI32(00000000,?,?,?,006C11D9), ref: 006C163B
• GetCurrentProcess.KERNEL32(00000028,?,?,?,?,006C11D9), ref: 006C1648
• OpenProcessToken.ADVAPI32(00000000,?,?,?,006C11D9), ref: 006C164F
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: CurrentOpenProcessThreadToken
• String ID:
• API String ID: 3974789173-0
APIs
• GetDesktopWindow.USER32 ref: 006BD858
• GetDC.USER32(00000000), ref: 006BD862
• GetDeviceCaps.GDI32(00000000,0000000C), ref: 006BD882
• ReleaseDC.USER32(?), ref: 006BD8A3
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: CapsDesktopDeviceReleaseWindow
• String ID:
• API String ID: 2889604237-0
APIs
• GetDesktopWindow.USER32 ref: 006BD86C
• GetDC.USER32(00000000), ref: 006BD876
• GetDeviceCaps.GDI32(00000000,0000000C), ref: 006BD882
• ReleaseDC.USER32(?), ref: 006BD8A3
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2889604237-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: b1c42bc5a78b5cc23937883bdf7f8b37a50207ed4b5ef83d6c4ff36a18ee56f5
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: a7d461f01c465ad81ef6f68bf053c39e9b8889e3b99de4453463529b45a1a448
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b1c42bc5a78b5cc23937883bdf7f8b37a50207ed4b5ef83d6c4ff36a18ee56f5
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B1E01A70804208DFCB409FA4D90867DBBB3BF08320B10A408E84AE7350CB395902DF40
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00667620: _wcslen.LIBCMT ref: 00667625
                                                                                                                                                                                                                                                                                                                                                            • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 006D4ED4
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Connection_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: *$LPT
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1725874428-3443410124
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 1bcb3c2843449d570410dc57cc0bb48d87f3277effb7b917dda98ad2bc0e1b84
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 9e5b52d2343a30175b2d94ee2c911f3a0737dd5abaf907b86f9548a47ac01d9f
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1bcb3c2843449d570410dc57cc0bb48d87f3277effb7b917dda98ad2bc0e1b84
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5E914075E042449FCB14DF54C484EA9BBF6BF84304F15809AE40A9F362DB35ED85CB91
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • __startOneArgErrorHandling.LIBCMT ref: 0068E30D
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ErrorHandling__start
                                                                                                                                                                                                                                                                                                                                                            • String ID: pow
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3213639722-2276729525
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 1a5731125ea1c9361f34307ebd734cf51329e7c6c151e9f3f87d18b38b4da156
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: bbb87fb359b733b0043b9cd37a1c5cd1458f05a291f3c0b2010b2e742d0bcb6f
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1a5731125ea1c9361f34307ebd734cf51329e7c6c151e9f3f87d18b38b4da156
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AD513B61A2C202D7CF157714C9053F93BAAAF40740F348B59E095827E9DF368D969B8A
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • CharUpperBuffW.USER32(006B569E,00000000,?,006FCC08,?,00000000,00000000), ref: 006E78DD
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00666B57: _wcslen.LIBCMT ref: 00666B6A
                                                                                                                                                                                                                                                                                                                                                            • CharUpperBuffW.USER32(006B569E,00000000,?,006FCC08,00000000,?,00000000,00000000), ref: 006E783B
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: BuffCharUpper$_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: <sr
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3544283678-1747582915
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID:
• String ID: #
• API String ID: 0-1885708031
APIs
• Sleep.KERNEL32(00000000), ref: 0067F2A2
• GlobalMemoryStatusEx.KERNEL32(?), ref: 0067F2BB
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: GlobalMemorySleepStatus
• String ID: @
• API String ID: 2783356886-2766056989
APIs
• CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 006E57E0
• _wcslen.LIBCMT ref: 006E57EC
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: BuffCharUpper_wcslen
• String ID: CALLARGARRAY
• API String ID: 157775604-1150593374
APIs
• _wcslen.LIBCMT ref: 006DD130
• InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 006DD13A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: CrackInternet_wcslen
• String ID: |
• API String ID: 596671847-2343686810
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 9bc440f2e6582ed948b78f9b4b8bd19d8073437162b3fa9c6f3de926f017faa5
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 3eafa7b770bddfea7470dd77e7bcc1c29cece1f8b7b89257d42fcfe0f655fae7
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9bc440f2e6582ed948b78f9b4b8bd19d8073437162b3fa9c6f3de926f017faa5
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0F313E71D00209ABCF55EFA4DC85AEEBFBAFF04304F00011DF815A6265DB31AA06DBA4
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(?,?,?,?), ref: 006F3621
                                                                                                                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 006F365C
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$DestroyMove
                                                                                                                                                                                                                                                                                                                                                            • String ID: static
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2139405536-2160076837
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 4cff3a3a352b3d5113f4896c634a05ac666c37b9ee2116df513d379e209c6527
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 9667d1f2a6fd30e1038d6b4a06791ccbcf13c13f0e35bcf3766138b4d702da9b
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4cff3a3a352b3d5113f4896c634a05ac666c37b9ee2116df513d379e209c6527
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1A318C71100608AEDB109F68DC81AFB73AAFF88724F00961DFAA5D7290DA31ED81D764
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 006F461F
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 006F4634
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend
                                                                                                                                                                                                                                                                                                                                                            • String ID: '
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3850602802-1997036262
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 003bd821bd1cb28f06fcb5556552edac936be04b52d9dfb7f72204f3ff129967
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 324f929cb2278e56bb8a66bf3cdade16963c44908be61f1adee7e98dfcf69b78
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 003bd821bd1cb28f06fcb5556552edac936be04b52d9dfb7f72204f3ff129967
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 83311874A0120D9FDB14DFA9C990BEA7BB6FF49340F14406AEA05EB751DB70A941CF90
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 006F327C
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 006F3287
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend
                                                                                                                                                                                                                                                                                                                                                            • String ID: Combobox
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3850602802-2096851135
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 694183e1086649eecc9a5ffc3493edbbc32b3f08bd31452778daedeeaf0ec161
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: d043fb3154d8e6eec4ca525912716420ceaba576341b56ffa1f86486f72b63b2
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 694183e1086649eecc9a5ffc3493edbbc32b3f08bd31452778daedeeaf0ec161
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3B11907120021C6FFF259F54DC81EFB376BEB94364F104129FA1897390D6359E519760
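The `APIs` entries above are easier to triage once the call-site lines are turned into records: the numeric `SendMessageW` arguments are ordinary Win32 message IDs (0x143 is `CB_ADDSTRING` and 0x14E is `CB_SETCURSEL` for the `Combobox` entry; 0x1132 and 0x1105 are `TVM_INSERTITEMW` and `TVM_GETCOUNT`), which is what one would expect from GUI-control helpers in a compiled AutoIt runtime rather than from script-specific logic, and the `ref:` addresses are absolute addresses in a dump whose module base the report gives as `Offset: 00660000`. The following Python is an added example, not part of the Joe Sandbox report or of any Joe Sandbox tooling; it assumes the line format exactly as shown on this page, uses standard `winuser.h` / `commctrl.h` constant values for the annotations, and the sample text it parses is constructed from the entries listed above.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Standard Win32 constant values for the numeric arguments seen in this report's
# API entries (winuser.h / commctrl.h). Only the ones that occur here are listed.
SENDMESSAGE_IDS = {
    0x0030: "WM_SETFONT",
    0x0143: "CB_ADDSTRING",
    0x014E: "CB_SETCURSEL",
    0x1105: "TVM_GETCOUNT",      # TV_FIRST (0x1100) + 5
    0x1132: "TVM_INSERTITEMW",   # TV_FIRST (0x1100) + 50
}
# (api name, zero-based argument index) -> value -> symbolic name
ARG_NAMES = {
    ("SendMessageW", 1): SENDMESSAGE_IDS,
    ("GetStockObject", 0): {0x11: "DEFAULT_GUI_FONT"},
    ("GetSysColor", 0): {0x12: "COLOR_BTNTEXT"},
}

# One call-site line, e.g.
#   • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 006F327C
#   • Part of subcall function 0066600E: GetStockObject.GDI32(00000011), ref: 00666060
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+): )?"
    r"(?P<api>\w+)\.(?P<mod>\w+)\((?P<args>[^)]*)\), ref: (?P<ref>[0-9A-Fa-f]+)\s*$"
)
# The 'Memory Dump Source' line carries the module base the ref addresses belong to.
BASE_LINE = re.compile(r"Offset: (?P<base>[0-9A-Fa-f]+), based on PE: (?P<pe>true|false)")


@dataclass
class ApiRef:
    api: str
    module: str
    args: list                  # int for concrete values, None for '?' (unknown)
    ref: int                    # absolute address of the call site in the dump
    rva: Optional[int]          # ref minus module base, once the base is known
    subcall_of: Optional[int]   # address of the callee when listed as a subcall
    notes: list = field(default_factory=list)  # resolved constant names


def parse_args(raw: str) -> list:
    """'00000000,00000143,?' -> [0, 0x143, None]."""
    out = []
    for a in raw.split(","):
        a = a.strip()
        out.append(None if a in ("", "?") else int(a, 16))
    return out


def parse_report(text: str):
    """Turn the 'APIs' lines of a Joe Sandbox function entry into ApiRef records.

    RVAs are filled in after the whole text is read, because the base address
    appears in the 'Memory Dump Source' block that follows the API list."""
    refs, base = [], None
    for line in text.splitlines():
        m = API_LINE.match(line)
        if m:
            r = ApiRef(m["api"], m["mod"], parse_args(m["args"]), int(m["ref"], 16),
                       None, int(m["sub"], 16) if m["sub"] else None)
            for (api, idx), table in ARG_NAMES.items():
                if r.api == api and idx < len(r.args) and r.args[idx] in table:
                    r.notes.append(table[r.args[idx]])
            refs.append(r)
            continue
        b = BASE_LINE.search(line)
        if b and b["pe"] == "true":
            base = int(b["base"], 16)
    if base is not None:
        for r in refs:
            r.rva = r.ref - base
    return refs, base


def summary(refs) -> dict:
    """Count call sites per API, a quick way to spot entries that are only GUI plumbing."""
    counts = {}
    for r in refs:
        counts[r.api] = counts.get(r.api, 0) + 1
    return counts


# Constructed sample: the call-site lines from the entries on this page, plus the
# 'Source File' line that supplies the module base.
SAMPLE = """
APIs
• SendMessageW.USER32(00000027,00001132,00000000,?), ref: 006F461F
• SendMessageW.USER32(?,00001105,00000000,00000000), ref: 006F4634
• SendMessageW.USER32(00000000,00000143,00000000,?), ref: 006F327C
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 006F3287
  • Part of subcall function 0066600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0066604C
  • Part of subcall function 0066600E: GetStockObject.GDI32(00000011), ref: 00666060
  • Part of subcall function 0066600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0066606A
• GetWindowRect.USER32(00000000,?), ref: 006F377A
• GetSysColor.USER32(00000012), ref: 006F3794
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
"""

if __name__ == "__main__":
    refs, base = parse_report(SAMPLE)
    print(f"module base 0x{base:08X}, {len(refs)} call sites")
    for r in refs:
        tag = f" (subcall of {r.subcall_of:08X})" if r.subcall_of else ""
        print(f"  rva 0x{r.rva:06X}  {r.api}.{r.module}{tag}  {', '.join(r.notes)}")
    print(summary(refs))
```

Feeding the cleaned `APIs` blocks of a whole report through `parse_report` gives RVAs that line up with a static disassembly of the same PE regardless of where the sandbox mapped it, and the `notes` column separates standard control messages (combobox and tree-view population, font setup) from the calls worth reading by hand.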
APIs
  • Part of subcall function 0066600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0066604C
  • Part of subcall function 0066600E: GetStockObject.GDI32(00000011), ref: 00666060
  • Part of subcall function 0066600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0066606A
• GetWindowRect.USER32(00000000,?), ref: 006F377A
• GetSysColor.USER32(00000012), ref: 006F3794
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                                                                                                                                                                                                                                                                                            • String ID: static
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1983116058-2160076837
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: b4a389adf8a9e7465f42f1d2df67e9ce1abfe2ca6948566ac1a71fe4f1136b77
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 0131ff546eeb80798982fa5f3a8f5ddd9acfbe227bfb88d82af87e7ec3cae2a1
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b4a389adf8a9e7465f42f1d2df67e9ce1abfe2ca6948566ac1a71fe4f1136b77
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C61129B261021EAFDB00EFA8CD45AFA7BB9EB08314F004914FA55E2250D735E851DB50
APIs
• InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 006DCD7D
• InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 006DCDA6
Strings
Similarity
• API ID: Internet$OpenOption
• String ID: <local>
• API String ID: 942729171-4266983199
• Opcode ID: 15087db626e66d342681ef7530799e3089c58beb4485bc7e8ef7da38e7c79f6c
• Instruction ID: 1449cb66f18cb6051a7dd12bcf00a6156f4eb9d9c309175e4f30e929a1fc7150
• Opcode Fuzzy Hash: 15087db626e66d342681ef7530799e3089c58beb4485bc7e8ef7da38e7c79f6c
• Instruction Fuzzy Hash: 8911C671A0563A7AD7384B668C45EF7BE6FEF527B4F004227B10983280D7749941D6F0
APIs
• GetWindowTextLengthW.USER32(00000000), ref: 006F34AB
• SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 006F34BA
Strings
Similarity
• API ID: LengthMessageSendTextWindow
• String ID: edit
• API String ID: 2978978980-2167791130
• Opcode ID: e1274e3a9ac1ed04816fcfbc1120a971a63db561fc23e680eb983a621c57c6a6
• Instruction ID: 908d057f0edb707704dcb2ac4752f515b451632e9cdb91c90854a540e9180481
• Opcode Fuzzy Hash: e1274e3a9ac1ed04816fcfbc1120a971a63db561fc23e680eb983a621c57c6a6
• Instruction Fuzzy Hash: 66116A7110021CAAEB128E64DC44AFA37ABEB05374F504724FA61933E0C775DC519B64
APIs
  • Part of subcall function 00669CB3: _wcslen.LIBCMT ref: 00669CBD
• CharUpperBuffW.USER32(?,?,?), ref: 006C6CB6
• _wcslen.LIBCMT ref: 006C6CC2
Strings
Similarity
• API ID: _wcslen$BuffCharUpper
• String ID: STOP
• API String ID: 1256254125-2411985666
• Opcode ID: 4a5cb1a1d74bb913e6f498a65b9fa31138e1531a3f3ecb252d41d2703245d226
• Instruction ID: 0fa4dad45931f93a4dafb91c361f5f0e8020539b18b524a4f58b03a859f36ee9
• Opcode Fuzzy Hash: 4a5cb1a1d74bb913e6f498a65b9fa31138e1531a3f3ecb252d41d2703245d226
• Instruction Fuzzy Hash: 1F01C4326045268BCB20AFBDDC81EFF77B7EF61720710052CF86297294EA31E900C658
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00669CB3: _wcslen.LIBCMT ref: 00669CBD
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006C3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 006C3CCA
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000180,00000000,?), ref: 006C1C46
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 39dc90e736fbac21fd969503c6cb809a720132c9dc3c7f7378584cc377367b2a
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: c6ef4e4d4701abcd03295430812b5d5d6c53f842e51f1ff3ad561eb769821cdc
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 39dc90e736fbac21fd969503c6cb809a720132c9dc3c7f7378584cc377367b2a
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FA01A7B568111867CB08EB90CA51FFF77AEDB13340F14001DB80667282EA389E19E6B5
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00669CB3: _wcslen.LIBCMT ref: 00669CBD
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006C3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 006C3CCA
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000182,?,00000000), ref: 006C1CC8
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 5a12d2ef14ca5bfd3f1c724803481ee885fb3a986a4d3a02f53f540650a9bd5f
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: f3dfa785304de182ed39d74dcc60de4f18525961f2dce3c66c4eba9366337082
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5a12d2ef14ca5bfd3f1c724803481ee885fb3a986a4d3a02f53f540650a9bd5f
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 31018FB168011867CB04EBA0CA11FFE73AEDB13340B14001DB802A7282EA389E19D675
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • __Init_thread_footer.LIBCMT ref: 0067A529
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00669CB3: _wcslen.LIBCMT ref: 00669CBD
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Init_thread_footer_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: ,%s$3yk
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2551934079-1367514051
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: b324401d616c3409cec69c84d15beb0dc35d59077a3d83924835d1a7f33253fb
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: b915a2f7534704634dd5c1b4e23d9bb6da2ca1ec7da97b2df09ec53d51faa28f
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b324401d616c3409cec69c84d15beb0dc35d59077a3d83924835d1a7f33253fb
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F0017B3170061497E540F3B8D81BAAD335BDB85720F00846CF509572C3EE605E068B9F
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00733018,0073305C), ref: 006F81BF
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32 ref: 006F81D1
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: CloseCreateHandleProcess
• String ID: \0s
• API String ID: 3712363035-2360154291
• Opcode ID: 52bf9033027427b6602c10121ba1e376d04c1e7cc8fe0c6ced307bf6042a16ea
• Instruction ID: 1cced3c5e1c0cbffa53e9711663da9f33cad12c0882034deafb4135d00f6b798
• Opcode Fuzzy Hash: 52bf9033027427b6602c10121ba1e376d04c1e7cc8fe0c6ced307bf6042a16ea
• Instruction Fuzzy Hash: 4FF05EF2A40314BFF3346765AC55FB73A9EDB05752F004425BB08D61A2D67E8A0497BC
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: _wcslen
• String ID: 3, 3, 16, 1
• API String ID: 176396367-3042988571
• Opcode ID: 9a6ae8c578d556165bf7005b1f4c733c4de2694a04c92f4fedb2c8ead91c23c8
• Instruction ID: 96bf6aab343b444188a1361d373a9976dd25adfb046d164898ff908b2b100c43
• Opcode Fuzzy Hash: 9a6ae8c578d556165bf7005b1f4c733c4de2694a04c92f4fedb2c8ead91c23c8
• Instruction Fuzzy Hash: D5E02B022063A1509271227BADC19BF57CBCFC9750710182FF985C23AAEE94CD9193E4
APIs
• MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 006C0B23
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: Message
• String ID: AutoIt$Error allocating memory.
• API String ID: 2030045667-4017498283
• Opcode ID: debffaf04b15f97780286d3c3210a4f5fdc5d26b890ce676dfaf50f30a847f52
• Instruction ID: 86ff2ad3b6071d3d63115475e4b148e269c46e88076fbfbca88990f016a3981c
• Opcode Fuzzy Hash: debffaf04b15f97780286d3c3210a4f5fdc5d26b890ce676dfaf50f30a847f52
• Instruction Fuzzy Hash: F2E04F3228931C7AD2643795BD07FD97A868F05B61F10442EFB98955C38EE2689086ED
APIs
  • Part of subcall function 0067F7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00680D71,?,?,?,0066100A), ref: 0067F7CE
• IsDebuggerPresent.KERNEL32(?,?,?,0066100A), ref: 00680D75
• OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0066100A), ref: 00680D84
Strings
• ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00680D7F
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
Similarity
• API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
• String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
• API String ID: 55579361-631824599
• Opcode ID: 236416d752bfd11479511d12580afa144d6423c540312a51b934c6b1db25806f
• Instruction ID: 5dce1b37e482b5c573687c98d0a6cf35b5dec1f87dacbf58e9b09d0b36833e19
• Opcode Fuzzy Hash: 236416d752bfd11479511d12580afa144d6423c540312a51b934c6b1db25806f
• Instruction Fuzzy Hash: 71E06D702003118BE3A0AFBCE9047527BE6AF00740F008E2DE486C6751DBB5E448CB91
APIs
• __Init_thread_footer.LIBCMT ref: 0067E3D5
Strings
Memory Dump Source
• Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
• Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                                                                                            • String ID: 0%s$8%s
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1385522511-4174055574
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 1c0dd287e96a12dbd015b9010324619d7eb04e266e2d5359801f682d06bef8c2
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 1663aee9302b4be1bf31589124d7b6f8832ad0f93dd2836b2c238b13d3e93e0f
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1c0dd287e96a12dbd015b9010324619d7eb04e266e2d5359801f682d06bef8c2
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B4E02032408D10CBF644E718B454B883357AB0C330B1082F8E245871D3DB7B1A47874C
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetTempPathW.KERNEL32(00000104,?,00000001), ref: 006D302F
                                                                                                                                                                                                                                                                                                                                                            • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 006D3044
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Temp$FileNamePath
                                                                                                                                                                                                                                                                                                                                                            • String ID: aut
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3285503233-3010740371
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 3590452964f693e0488cc5b92f5b7a024d0ba37aa43c6c189709719e339eae94
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 95655bdee86c1587e154d112decb4e31e6ffb759d59a512c4a006d8699afb6be
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3590452964f693e0488cc5b92f5b7a024d0ba37aa43c6c189709719e339eae94
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A2D05B7150032867DB209794AD0DFD73A6CD704760F0001517655D2091DAB49644CAD0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 006F236C
                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000000), ref: 006F2373
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006CE97B: Sleep.KERNEL32 ref: 006CE9F3
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: FindMessagePostSleepWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 529655941-2988720461
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: e9c25b8aa0fbc670d850bbeaa479b10e854469c02a8f24929c24c25269dbef44
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: ffce473c223436b1d311e0fa7c83086db60f294fd3eb30568be2b419e7acca7f
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e9c25b8aa0fbc670d850bbeaa479b10e854469c02a8f24929c24c25269dbef44
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8AD012723C53147BE7A4B770ED0FFD676269B05B20F00591A7745EA1D4C9F4B811CA58
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 006F232C
                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 006F233F
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006CE97B: Sleep.KERNEL32 ref: 006CE9F3
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112571200.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112512822.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2112909489.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113204343.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2113289958.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_660000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: FindMessagePostSleepWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 529655941-2988720461
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 908ead4a829ffc53d08a3207ff4ced3734932ba1dc0a06a6d80d067f12aa21d3
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 923a4891786eace907370327d9adb69af47046e06a5797eee700fe300f6c4f6b
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 908ead4a829ffc53d08a3207ff4ced3734932ba1dc0a06a6d80d067f12aa21d3
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 28D01276394314B7E7A4B770ED0FFE67A269B00B20F00591A7745EA1D4C9F4A811CA54